What is an Insider Threat?
An insider threat is a security risk that originates within the company itself rather than from outside it. Insider threat actors include current and former employees, consultants, business partners, and members of corporate boards of directors.
According to the Verizon Data Breach Investigations Report for 2019, 34 per cent of data breaches are the result of internal actors. According to the Varonis Data Risk Report for 2019, 17 per cent of all sensitive files in a company are accessible to all employees, including executives.
Key Takeaways
An insider threat is a threat that originates within a company.
Employees, consultants, former employees, business partners, and board members are all examples of insiders in the workplace.
Insiders are responsible for 34 per cent of all data breaches.
An organization’s most sensitive files are accessible to a large number of employees.
Insider threat actors can be turncloaks who maliciously breach systems or pawns who unintentionally make mistakes that result in cyberattacks.
Those statistics indicate that employees within a company have the capabilities, motivations, and privileges to perpetrate a data breach. In a 2019 SANS Report on Advanced Threats, security practitioners identified several significant gaps in insider threat defence, which they attributed to a lack of visibility into typical user behaviour. They also found several flaws in the management of privileged user accounts.
34 Percent of Data Breaches Involve Insiders
Turncloaks – A turncloak is a malicious employee or contractor who steals confidential information with the intent of reselling it. The insider has legitimate access to the company’s networks and systems, but he or she misuses that access for the enjoyment of others or for financial gain. Turncloaks may also collaborate with competitors, nation-states, and hacktivists to breach systems and steal sensitive information.
Pawns – An ordinary worker may commit an error that hackers can take advantage of to steal confidential information. A pawn is a well-meaning employee who unwittingly assists in the compromise of data security.
Goofs – This type of insider engages in deliberate and potentially harmful behaviour, even when they have no malicious intentions. Goofs are employees who are ignorant and arrogant, and who carry out their work in violation of security policies. Insider threats are caused by human error 90 per cent of the time.
Lone wolves – Lone wolves are insiders who act maliciously on their own, without the assistance of outside forces. Lone wolves with special access can be extremely dangerous. Edward Snowden is a classic example of a lone wolf, having used his skills and privileged access to leak sensitive information from the National Security Agency (NSA).
Types of Insider Threats
Dongfan “Greg” Chung, a Chinese-born engineer, was sentenced to more than 15 years in prison for stealing sensitive information about the United States space shuttle programme. The 74-year-old former Boeing Co. engineer had 300,000 pages of highly sensitive information that he intended to share with the Chinese government, according to authorities.
Tesla systems were sabotaged by a malicious insider who then shared proprietary information with third parties. Aside from that, the insider used fictitious credentials to make direct code modifications to the Tesla Manufacturing Operating System.
A Facebook engineer used legitimate access to stalk women on the social media platform. During an alleged Tinder encounter, the employee referred to himself as a “professional stalker” and sent a message to the woman.
An ex-employee of the Coca-Cola Company used an external hard drive to steal personal information from other employees. Approximately 8,000 company employees were affected by the incident.
Identifying and Detecting Insider Threats
Previous Examples of Insider Threats
Employees who download or access large amounts of data are considered high risk.
Insiders who gain access to sensitive information that does not pertain to their job function.
Personnel who access information that does not correspond to their usual behavioural profile.
Use of unauthorized and external storage devices such as USB drives.
Data hoarding is the act of copying files from confidential folders and storing them elsewhere.
Emailing sensitive information to third parties can be a dangerous practice.
Users attempt to circumvent security policies.
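The sketch below turns several of the indicators listed above (unusual data volume, access outside the job function, removable media, sensitive email to third parties) into detection logic. It is an added example, not code from the original article; the event format, user names, departments, `example.com` domain and threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
USER_DEPT = {"alice": "finance", "bob": "engineering"}  # constructed directory data
# Constructed history: MB of data each user read per day on five earlier days.
BASELINE = {"alice": [120, 90, 150, 110, 130], "bob": [200, 180, 220, 210, 190]}
# Constructed events for one day:
# (user, action, resource_dept, sensitive, megabytes, target)
EVENTS = [
    ("alice", "read",  "finance",     True,  140, ""),
    ("bob",   "read",  "engineering", True,  900, ""),
    ("bob",   "read",  "hr",          True,   40, ""),
    ("bob",   "copy",  "engineering", True,  850, "usb:E:"),
    ("alice", "email", "finance",     True,    2, "auditor@partner.example.org"),
    ("alice", "email", "finance",     False,   1, "carol@example.com"),
]

def detect(events, baseline, user_dept, z_threshold=3.0):
    """Return {user: sorted indicator names} for one day's events."""
    findings = defaultdict(set)
    read_mb = defaultdict(int)
    for user, action, res_dept, sensitive, mb, target in events:
        if action == "read":
            read_mb[user] += mb
            if sensitive and res_dept != user_dept.get(user):
                findings[user].add("access_outside_job_function")
        elif action == "copy" and target.startswith("usb:"):
            findings[user].add("removable_media")
        elif action == "email" and sensitive:
            # Exact match only, so look-alike domains are treated as external.
            domain = target.rsplit("@", 1)[-1].lower()
            if domain != INTERNAL_DOMAIN:
                findings[user].add("sensitive_email_external")
    for user, total in read_mb.items():
        hist = baseline.get(user, [])
        if len(hist) < 2:
            continue  # not enough history to judge what is normal for this user
        mu, sigma = mean(hist), pstdev(hist)
        # Floor sigma so a perfectly flat history does not flag tiny changes.
        if total > mu + z_threshold * max(sigma, 1.0):
            findings[user].add("volume_spike")
    return {user: sorted(hits) for user, hits in findings.items()}

if __name__ == "__main__":
    for user, hits in sorted(detect(EVENTS, BASELINE, USER_DEPT).items()):
        print(user, hits)
```

Comparing each user against their own history is what the "behavioural profile" indicator needs: bob's 940 MB day is flagged, while alice's 140 MB is within her normal range.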
Insider Threats and How to Avoid Them
When it comes to detecting and preventing insider threats, traditional perimeter security measures fall short of expectations. To respond to insider threats, you can take the following steps.
Detecting Insider Threats
Keep track of emails, files, and other activities on computer systems. Make a list of all locations where sensitive files are stored.
Access control policies should be updated to determine and manage user access to company data.
Apply the least-privilege model.
Install software that collects, monitors and analyses data and detects abnormal behaviour.
User awareness training should be provided to employees to help them avoid making mistakes that could lead to cyberattacks.