{"id":50631,"date":"2022-05-18T00:00:00","date_gmt":"2022-05-18T00:00:00","guid":{"rendered":"https:\/\/www.techopedia.com\/insider-threat-awareness-avoiding-internal-security-breaches\/"},"modified":"2022-07-25T19:42:06","modified_gmt":"2022-07-25T19:42:06","slug":"insider-threat-awareness-avoiding-internal-security-breaches","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/insider-threat-awareness-avoiding-internal-security-breaches\/2\/34595","title":{"rendered":"Insider Threat Awareness: Avoiding Internal Security Breaches"},"content":{"rendered":"

“Insider Threat,” a potential cybersecurity breach from within your organization, has been a topic of intrigue for cybersecurity professionals for many years and continues to be a significant concern today. Not only do we find ourselves having to defend against internet-borne attacks from cybercriminals, hackers, and many other threat actors. We must keep a watchful eye within our office locations, control rooms, datacenters, and many other areas under our protection – on the lookout for the Insider Threat.<\/a><\/p>\n

You might think insider threats are only a problem in large corporations, but the truth is that they are a massive issue for small businesses too.<\/p>\n

An insider has access to sensitive information because they are an employee, contractor, or partner. They could potentially use that information to cause harm to the company or its customers.<\/p>\n

The intelligence community uses the term “Insider Threat” to describe employees who leak or share information with unauthorized parties. Insider refers to someone working in your organization who may pose a risk to you if they make a mistake with data handling procedures.<\/p>\n

Insiders are not limited to people who work in IT. They could include administrators, engineers, developers, project managers, salespeople, customer service representatives, or finance…anyone who has access to information that is not for public consumption. Whether they possess privileged access credentials or not, these individuals have access that allows them to view confidential files and systems.<\/p>\n

It may be that they have too many permissions, usually acquired over a lengthy period of employment, where they’ve had multiple roles, and have kept permissions as they’ve moved around – this is known as “Privilege Creep.” Having access to data that isn’t required for their current role puts a person in a prime position to steal intellectual property, a trade secret, proprietary designs or financial records.<\/p>\n

The insider threat exists for multiple reasons. Those with malicious intent are obviously a real problem for companies, but there are also implications for employees who unintentionally leak information.<\/p>\n

Read also: <\/strong>Security Pitfalls IT Often Overlooks<\/strong><\/a><\/p>\n

Types of Insider Threat<\/span><\/h2>\n

Unintentional Breaches<\/strong><\/p>\n

Your trusted employees can be unaware of how their carelessness or negligent actions can affect the company or its employees. For example, they might not know that clicking on an innocent-looking link could lead to malware entering the network, or sharing sensitive hard copies of documents with other colleagues who don’t hold the appropriate access levels could lead to a breach. Or they might think that it’s no big deal to share it with others because the document wasn’t sensitive.<\/p>\n

People often don’t consider that data aggregation can add up to a considerable amount of information, making it a valuable commodity to a competitor. If such data becomes compromised, it can cause serious harm to the company.<\/p>\n

Malicious Breaches<\/strong><\/p>\n

There is an essential distinction between insider threats; one is unintentional, and the other is a malicious threat actor. Malicious insiders may include disgruntled employees or staff working their notice period who intentionally take company data with them.<\/p>\n

Or it could be an engineer who has misconfigured a system setting that exposes your internal environment to the internet, now visible on Shodan.<\/a> Or the developer who hasn’t considered security from the outset and has left a backdoor in the application code discovered by a malicious insider threat. Access to any sensitive information (i.e., corporate documents, financial records, personal information about customers and employees), regardless of the source, is currency to a malicious insider.<\/p>\n

Read Also: <\/strong>Cybersecurity Concerns Rise for Remote Work<\/strong><\/a><\/p>\n

Insider Threat Statistics<\/span><\/h2>\n

According to an independent study conducted by the Ponemon Institute<\/a>, the average global cost of Insider Threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% in the same period.<\/p>\n

Here are some highlights from the report:<\/h3>\n

The highest overall cost center for organizations is containment, <\/a>at an average of $211,533 per company annually.<\/p>\n

The fastest-growing cost center is investigations, costing organizations a whopping 86% more than they did only three years ago.<\/p>\n

The longer an incident lingers, the costlier it gets. The average incident takes 77 days to contain. Incidents that took more than 90 days to contain cost organizations an average of $13.71 million on an annualized basis.<\/p>\n

<\/p>\n

Insider Threat Indicators<\/span><\/h2>\n