Insider threats are nothing new to businesses, but the problem posed by employees, subcontractors, and other internal actors is becoming more commonplace. The 2019 Data Breach Investigations Report by Verizon reported that 34 percent of breaches studied in 2018 were caused by internal actors. According to the IEEE Symposium on Security and Privacy Workshop on Research for Insider Threat, this number could be significantly higher, as another study found that more than 70 percent of internal attacks are not reported externally.
The Ponemon Institute’s 2020 Cost of Insider Threats Global Report demonstrates that the frequency, cost, and time to recover from insider threats are on the rise as well. The study showed insider threats increased by 31 percent in just two years and the frequency of incidents nearly doubled during the same timeframe with a 47 percent increase. The same report showed the average cost of insider incidents is now $11.45 million. Additionally, and perhaps even more frightening, the report shows it took an average of more than two months (77 days) to contain each insider threat.
What Is an “Insider Threat”?
An insider threat can be as nasty as a malicious individual or as simple as a group of untrained or negligent employees within an organization. Insiders are employees, temporary staff, contractors and subcontractors, and business associates who have inside access or information about an organization’s security practices, data, and computer systems. According to the aforementioned Ponemon Institute report, an insider threat is:
• “A careless or negligent employee or contractor”
• “A criminal or malicious insider” or
• “A credential thief”
Insider Threat Types
Insider threats can be quite complex, but there are several types businesses should watch for. These insider threat types include:
• Insider Sabotage - This is an act by an insider that intentionally directs specific harm toward an organization or its assets. Think of an angry employee who might plant a vicious virus meant to wipe out the data on their company’s network as an act of revenge.
• Insider Data Theft/Exfiltration - This is the theft of intellectual property by an insider. Consider an employee giving their notice and then stealing valuable, proprietary information from their employer before they leave. See Dox’s recent blog on the arrest of a scientist who committed this type of insider threat.
• Insider Fraud - This type of fraud happens when an insider modifies, deletes, or steals an organization’s data for personal gain, leading to an identity crime. This could be the theft of a patient’s personally identifiable information (PII) from a hospital, for example. When the PII is used to commit identity theft by opening a credit card or other line of credit, insider theft has occurred. A former Microsoft engineer was recently convicted of insider fraud for using his administrative privileges to steal $10 million.
• Unintentional Insider Threat (UIT) - This threat occurs when an act or failure to act by an insider, without malicious intent, leads to harm or significantly increases the risk of harm to an organization or its assets. For example, this might be an unsuspecting employee clicking a link or attachment in an email that is harboring malware which leads to a data breach.
• Workplace Violence - This is any act or threat of physical violence, harassment, intimidation or disruptive behavior that occurs within the workplace. Consider the disgruntled employee passed over for a promotion or raise who may become upset enough to cause physical harm to those in their work environment.
Preventing Insider Threats
Now that you know what types of insider threats to watch for, here are several ways of preventing them.
• Conduct Thorough Background Checks - Before hiring any employee or contractor, ask for references and conduct both a criminal and financial background check.
• Follow Staff Morale - Keep tabs on your employees to ensure they are happy in their roles. Use department supervisors to keep you informed and address concerns as quickly as possible.
• Train Employees Regularly - All employees should be fully trained on an ongoing basis so they understand the laws, mandates, and/or regulatory requirements of your organization in regard to their work and the company’s security.
• Add Extra Training for Employees that Work Remotely - Provide additional training for remote employees to reduce the risk specifically when your staff are working from home, especially during this pandemic. This training is imperative when you’re granting remote access to employees who normally don’t have it.
• Enact Guidelines - Organizational leadership should enact guidelines so employees know which devices they may use for work, including company devices and bring-your-own devices (BYODs), as well as the security requirements that apply to those devices at all times.
• Sending Confidential Data - Employees should be taught when and how to securely send highly confidential data to reduce risks to your business.
• Share Security Policies - Put together security policies for your business and share them with your employees during training. This should also include when and to whom to report a suspected breach or breach attempt.
• Principle of Least Privilege - Ensure that your employees have only the minimum access to company data (digital or otherwise) that they require to complete their duties.
• Patches Matter - Remind your employees and IT department that all devices, software, and services need to be patched and upgraded to the latest versions at all times to reduce risks to your organization.
If you still have questions about insider threats or preventative measures your organization can enact, contact Dox Electronics now at (585) 473-7766. Our IT and cybersecurity experts are ready to protect your business against insider threats.