Most organizations may see hackers as their biggest threat, but security threats can come from inside the company as well. According to Verizon, 57% of database breaches involved insider threats within an organization.
Insider threats can occur in various ways and are not always intentionally malicious. For example, an employee who has their credentials leaked can inadvertently become an insider threat if a hacker compromises their account to steal data. In this case the employee may seem like they are a bad actor when in reality their account is being controlled by a malicious actor.
Understanding the different types of insider threats can help organizations ensure they have effective measures in place to prevent insider threats from harming their company.
What Is An Insider Threat?
An insider threat is someone who has authorized access to an organization and misuses that access, putting the organization’s security and data at risk. They can be former or current employees, stakeholders, partners or someone who frequently accesses your organization’s premises.
Insider threats are serious because they know their way around an organization. They will most likely have access to important data or know how to gain access to it. Since they have authorized access, it can be hard to detect them or to determine whether they are using their access maliciously.
A well-known example of an insider threat is the whistleblower Edward Snowden. Snowden famously leaked highly classified information from the NSA, where he used to work.
3 Types of Insider Threats
Employees accidentally leaking information or putting data at risk end up acting as an insider threat. This type of insider threat doesn’t have malicious intentions but may use poor cybersecurity habits that end up threatening an organization’s security. According to research by SolarWinds, more than 50% of organizations reported that employees pose the biggest risk for insider abuse or misuse.
The best way to combat employee error is to have a good cybersecurity culture. Cyber awareness through cybersecurity training can help users avoid common mistakes, such as clicking on a phishing link, that put organizations at risk.
This type of insider threat wants to use their access maliciously for their own ends. They may be a disgruntled employee looking to wreak havoc on their former employer or an employee trying to use their access for financial or personal gain. Research from Accenture found that nearly one in five healthcare employees said they would sell confidential information like login credentials to unauthorized parties.
Of course, organizations are unable to read the minds of their employees, let alone know their intentions. To combat this type of threat, advanced technology like a SIEM can help detect suspicious behaviour, such as employees accessing unusual data or systems, or your network communicating with a malicious server. Organizations should also disable the accounts and access of recently departed employees as soon as possible.
This threat occurs when the person colludes with other employees or with external parties to steal information.
An example of this type of insider threat would be the incident with the “Wolf of Manchester.” In 2015 an insurance worker partnered with a former employee to steal customer data and used that information to commit fraud. The pair made £18,250 (approximately $30,000 CAD) by using the stolen data.
To mitigate this kind of insider threat, it’s important to protect your critical assets with privileged access management and monitoring. Limiting access to important data to only those who need it will help you keep track of who has access to the data. Monitoring your networks for suspicious behaviour can help detect fraudulent activity or abuse of access.
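The two checks described above (activity from a departed employee's account, and access to data outside what a role needs) can be sketched as detection logic over access logs. This is an added example, not code from the original article: the log format, account names, offboarding records and access baseline are all constructed assumptions.

```python
from datetime import datetime

# Constructed HR offboarding records: account -> departure time (hypothetical).
DEPARTED = {"jdoe": datetime(2024, 3, 1, 17, 0)}

# Constructed access baseline: account -> resources the role normally needs.
BASELINE = {
    "asmith": {"crm", "mail"},
    "jdoe": {"crm", "mail"},
}

# Constructed log lines in an assumed format: "<ISO timestamp> <account> <resource>".
SAMPLE_LOG = """\
2024-02-28T09:12:00 jdoe crm
2024-03-02T23:41:00 jdoe crm
2024-03-03T10:05:00 asmith mail
2024-03-03T10:07:00 asmith claims-db
malformed line
"""

def parse(line):
    """Return (timestamp, account, resource), or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def find_alerts(log_text, departed=DEPARTED, baseline=BASELINE):
    """Return a list of (rule, account, resource, timestamp) alerts."""
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue  # skip lines that do not match the assumed format
        ts, account, resource = event
        left = departed.get(account)
        if left is not None and ts > left:
            # The account should have been disabled at offboarding.
            alerts.append(("departed-account-active", account, resource, ts))
        elif resource not in baseline.get(account, set()):
            # Access outside what the role needs; unknown accounts also land here.
            alerts.append(("outside-baseline", account, resource, ts))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

An alert from either rule is a prompt for review rather than proof of intent, since a compromised account and a malicious employee produce the same log entries.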