Insider Risk

Who to Consider an Insider Threat in Your Organization

By Veriato Team

Who to Consider an Insider Threat

Typically, people think of security threats as outside attacks on an organization. Data security plans tend to focus on securing the perimeter, endpoints, email and data. Though these are certainly critical measures, all organizations should realize the real threat that insiders, or internal employees, pose to operations.

28 percent of data breaches are perpetrated by insiders and institutional fraud is almost always executed by an insider. With 53 percent of organizations experiencing at least one insider attack within the last 12 months, it’s clear that all organizations should take steps to detect and prevent insider threats.

But how do you determine who those threats are? Unfortunately, the problem is more complex than just “malicious insiders,” employees with malicious intent against the organization and are seeking to cause damage. Below are several insider threat possibilities within your organization. Thoughtfully consider which ones are of concern to your organization and what that concern means for your security procedures.

  1. Malicious employee – As briefly mentioned previously, a malicious insider is one who purposely seeks to damage the company. Damage can come as the theft and sale of data, release of private information, or other acts that can harm an organization’s financials or reputation. Organizations should be on the lookout for any employee who may have reason to harbor negative feelings toward their employer.
  2. Unproductive employee – If employees lose productivity, it immediately effects your bottom line. If each employee in a 100-person company wastes an hour of the work week, that payment for wasted time equals 2.5 employees’ annual salaries. With a loss like that, unproductive workers are definitely a threat to keep in mind.
  3. Harassment/discrimination complaints – If an employee acts inappropriately in the workplace, that behavior can have serious financial repercussions. The EEOC (Equal Employment Opportunity Commission) reports that more than 84,000 harassment and discrimination charges occurred in 2017 with damages in excess of $355 million. Additionally, those inappropriate acts can effect an organization’s reputation with the public, or deter potential candidates from applying to work there.
  4. Corporate fraud – According to the Association of Certified Fraud Fraud Examiners (ACFE), the median loss from fraud is $130,000 and takes 16 months to be discovered. 85 percent of perpetrators are first-time fraudsters, which can make detection more difficult. In addition to monetary damages, fraud cases are often very public and can cause exceptional damage to a company’s reputation.
  5. Insider data theft – 28 percent of data breaches are perpetrated by insiders. An average breach compromises more than 24,000 records with an average cost per record at $1,412. That brings the average total cost of a data breach to $3.4 million.
  6. Negligence – Sometimes, simple negligence on the part of employees can cause major security breaches. The simple act of leaving a database exposed to the Internet or losing a laptop outside once can have serious repercussions. Innocent clicking of a malicious email attachment can infect a machine with malware, which can result in data breaches, ransomware attacks, espionage and more.

There are several types of insider threats that can pose a risk to your organization. While most organizations focus on data breaches, it’s important to consider each scenario and then take action by investing in appropriate software and developing execution strategies.

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

Work From Home, Quiet Quitting, and How Insider Risk Has Changed

Work From Home, Quiet Quitting, and How Insider Risk Has Changed

March 2023 marks approximately three years since the world shut down at the beginning of the Covid-19 pandemic. Since then, organizations have seen their workforce change considerably. What was originally a short term plan to work from home has become ingrained in our...

Focusing On Productivity Helps Reduce Insider Risk

Focusing On Productivity Helps Reduce Insider Risk

Many companies are concerned by the uptick in insider risk that’s come with the work-from-home boom. By one estimate,  58% of office workers work from home at least one day a week. This trend creates blind spots for companies. Managers see their employees less often,...

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz, CEO of Veriato, gave an interview to ISMG at this year's RSA Conference in San Francisco. In it, Elizabeth covers the challenges of maintaining data security in the remote or hybrid workforce environment and the rising cost of data breaches. She also...