The insider threat is quickly becoming one of today’s biggest cyber security challenges.
This blog post introduces the concept of the insider threat, and explores how the
prevalence and awareness of this phenomenon have increased in recent years.
What is the Insider Threat?
The insider threat refers to the security threat that employees pose to an organization.
Employees often have access to their organization’s computer systems and information,
and thus have the ability to mismanage and even steal sensitive company data. 1 CA
Technologies names three types of insider threats: “malicious insiders” deliberately steal
information or sabotage a company’s computer systems, “exploited insiders” are
unwittingly tricked by external parties into providing passwords and data, and “careless
insiders” accidentally delete or modify important information. In today’s data-driven
workforce, theft or destruction of data can be catastrophic for a company. 2
The Rise of Insider Threats
The latest research shows that the number of security breaches from insiders is growing.
83 percent of executives polled in EY’s Global Forensic Data Analytics Survey in 2016
stated that insider threats and cyber breaches posed the biggest risk to companies
becoming a victim of fraud, corruption, or data loss. 3 Similarly, the 2015 Insider Threat
Spotlight Report noted that 62 percent of security professionals report that insider threats
have become more frequent in the last 12 months. 4 In fact, insider threats have overtaken
external attacks as the greatest cyber security risks: the IBM 2015 Cyber Security Index
revealed that insiders commit 55% of all security breaches, compared to 45% perpetrated
by outsiders. 5
Increase in Coverage on Insider Threats
Insider threats have historically been overshadowed by external threats. A 2015 article by
Info Security observed, “Insider threats aren’t recognized as the gaping issue that they
are.” However, as insider threats have grown in prevalence, they have received more
coverage, as cyber security authorities (such as those referenced in this article) have
publicized the issue. Articles like SC Magazine’s 2015 piece, “Report: Insider Threat
More Dangerous Than External Risks,” have become increasingly common. 6
How to Prevent Insider Threats
While insider threats are posing an increasingly large threat on companies, there are
certain measures that companies can implement in order to prevent – or at least mitigate –
the insider threat. Firstly, companies should thoroughly screen all job applicants to ensure
that they only bring in employees that can be trusted with sensitive data. It is also
important that businesses provide employees with computer security training and
education in order to reduce the likelihood that employees accidentally mishandle data or
give away sensitive information to external attackers. 7 Most importantly, companies
should install a cyber security platform that monitors employee computer use and alerts
them when they are exhibiting suspicious or damaging activity.
- https://digitalguardian.com/blog/what-insider- threat-insider- threat-definition
- http://www.ca.com/content/dam/ca/us/files/white-paper/dealing- with-insider- threats-to-cyber-security.pdf
- http://www.computing.co.uk/ctg/news/2442565/malicious-insiders- the-fastest- growing-threat-to- cyber-security- warns-report
- http://www.infosecbuddy.com/wp-content/uploads/2015/06/Insider- Threat-Report-2015.pdf
- https://essextec.com/wp-content/uploads/2015/09/IBM- 2015-Cyber- Security-Intelligence-Index_FULL- REPORT.pdf
- http://www.scmagazine.com/report-insider- threat-more- dangerous-than- external-risks/article/455117/
- https://www.darklightcyber.com/blog/fighting-insider-threat