What Is an Insider Threat and the 5 Things You Should Know?

By Veriato Team

Gone are the days when our greatest inklings of insider threats were employees who never wanted to take vacation and did everything to avoid letting others see the financial records they were maintaining. Today, insider threats come in a concerning variety of forms with consequences often exceeding millions of dollars. As time passes, more industries than ever before are feeling the sting of security incidents and breaches stemming from their very own trusted employees and partners.

According to a 2018 Ponemon Institute report, those surveyed reported over 3k known insider threat incidents, with an average cost of about $238k. The report also reveals that it took companies upwards of 2 months to contain incidents relating to insider threats.

What makes insider threats so concerning is that they challenge our typical way of thinking when it comes to protecting our assets. Think of keeping burglars out of a home. Even if you invest in the strongest security system, put burglar bars on all windows and more, this will only keep people outside. For someone you trust, like a family member, maid, or the security vendor who understands the solution you purchased and has the security codes, your system likely will not stop them. That is an insider threat.

Similar to protecting a home from burglars, a fundamental component of protecting any company from cyber-attacks is to secure the network perimeter. Essentially, you create a wall to keep the bad guys out. But what happens when your own employees with authorized system access have the same malicious intentions as the very people you are fighting to keep out? They often know the technology well, which increases their capability to traverse the network without setting off alarms. And because of their internal knowledge, their ability to cover their tracks becomes even greater.

Though alarming, this does not mean corporations should breed cultures of distrust in their employees. It simply means that there is a threat, like many others in the cybersecurity space, that can be mitigated with the right level of awareness, people, processes and technology. To get started, here are five important things every company should know about insider threats:

1. Insider threats are not always malicious in nature, but can still have pretty significant consequences regardless of intent.

When most people hear of insider threats, they think of the disgruntled employee who decided to sabotage their company by leaking confidential information after being fired – or – the employee who writes invoices and then pays the funds to their own account. A stark reality is that oftentimes, insider threats can be inadvertent. Common examples include employees who click on phishing emails, developers who quickly release code plagued with security holes to meet a deadline, and more. Though the intention is not malicious, the outcome can still put companies at the same level of risk. One of the best ways to prevent this kind of insider threat is through training and awareness. Employees who are educated on cyber security best practices and proper cyber hygiene are less likely to make these avoidable mistakes.

2. Monitoring technology can help you detect and respond to insider threats.

Detecting insider threats as early as possible is critical to limiting the amount of damage caused by the incident. This can be done by constantly monitoring user activity for any anomalies. In order to know what can be considered abnormal user behavior, you must have some sense of what normal user behavior looks like. Once you have a baseline to compare against, you can begin to alert on suspicious behavior. For example, if you have an employee of 5 years who has worked a pretty standard schedule of 9 to 5 Monday through Friday and you notice that at 3am they are exporting tons of data from your system – that’s a red flag that you may want to investigate.
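The baseline-then-alert idea above, sketched as an added example (not part of the original article or any vendor product). The event format of user, ISO timestamp and megabytes exported, the function names and the z-score threshold of 3 are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def build_baseline(history):
    """Per-user baseline: usual weekdays, usual hour range, typical export size."""
    per_user = defaultdict(list)
    for user, ts, mb in history:
        per_user[user].append((datetime.fromisoformat(ts), mb))
    baseline = {}
    for user, rows in per_user.items():
        sizes = [mb for _, mb in rows]
        hours = [t.hour for t, _ in rows]
        baseline[user] = {
            "days": {t.weekday() for t, _ in rows},
            "hours": (min(hours), max(hours)),
            "mean_mb": mean(sizes),
            "std_mb": pstdev(sizes),
        }
    return baseline

def score_event(baseline, user, ts, mb, z_limit=3.0):
    """Return the list of reasons an event deviates from the user's baseline."""
    b = baseline.get(user)
    if b is None:
        return ["no baseline for user"]
    t = datetime.fromisoformat(ts)
    reasons = []
    if t.weekday() not in b["days"]:
        reasons.append("unusual day")
    lo, hi = b["hours"]
    if not lo <= t.hour <= hi:
        reasons.append("unusual hour")
    # Floor the spread at 1 MB so a perfectly steady user does not divide by zero.
    z = (mb - b["mean_mb"]) / max(b["std_mb"], 1.0)
    if z > z_limit:
        reasons.append("unusual volume")
    return reasons

# Constructed sample data: two weeks of weekday, 9-to-5 activity for one user.
HISTORY = [("alice", f"2024-03-{day:02d}T{hour:02d}:15:00", mb)
           for day in (4, 5, 6, 7, 8, 11, 12, 13, 14, 15)
           for hour, mb in ((9, 12), (13, 20), (16, 8))]
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for event in [("alice", "2024-03-18T10:15:00", 15),     # ordinary workday export
                  ("alice", "2024-03-19T03:02:00", 4800),   # 3 a.m. bulk export
                  ("alice", "2024-03-20T14:30:00", 4800)]:  # in-hours bulk export
        print(event, score_event(BASELINE, *event))
```

The third event shows why volume is baselined alongside time of day: a bulk export during normal hours still deviates from the user's history even though the clock looks ordinary.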

3. All insiders are not created equal.

Many companies struggle with keeping track of who has access to their networks and what levels of access they have. Whether employees, retirees, dependents, contractors, third parties or trusted partners, anyone can become an insider threat. When you factor in privileged and super account users, the accounts cyber attackers love the most, the potential impact becomes even greater. In the wrong hands, these accounts can be used to further elevate access, create backdoors, cover tracks, and more. When defending against insider threats, these accounts become extremely important to monitor for suspicious activity.

4. Monitoring technology is a great start, but we can do more!

Insider threat detection and response technologies continue to evolve and advance. With the growth of artificial intelligence and other emerging domains, the ability to conduct deeper analysis and proactively uncover insider threats hiding in organizations has increased exponentially. Sometimes detecting incidents is not as simple as noticing an employee working during odd hours or some of the more obvious signs. A report from Carnegie Mellon on insider threat within the federal government found that most internal fraud was committed during normal working hours, with losses from some incidents exceeding $1 million each. Furthermore, 50% of these threat actors were with the company for at least 5 years. They likely knew the systems well and had insider knowledge on how to circumvent security features. This is where artificial intelligence and User Behavior Analytics technologies can become a game changer for all companies, but especially for those where the stakes are high and the likelihood of insider threats even higher (e.g. financial services, banking, technology, healthcare, and government institutions).

5. Your employees can also help defend against insider threats.

While technology is a great way to automate detection, there are many signs your own employees can pick up on as well. Creating awareness and having a process where employees can safely report suspected foul play can add another layer of insight. Some indicators employees can look for, according to US CERT, include ethical flexibility, reduced loyalty, compulsive or destructive behavior, greed or financial need, and working odd hours.

Whether malicious or accidental in nature, insider threats can lead to breaches that cost companies millions of dollars. Advancing technology and cyber awareness efforts are helping companies prevent, detect and respond to these threats. Trusting your employees and your partners is a critical part of doing good business, but maturing your ability to manage insider threats is doing smart business.

