An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems. (Wikipedia)
An insider threat may be intentional or caused by neglect, misuse or unintentional means. Either way, malicious or unintentional, poses a threat.
- 51% attributed to malicious actors
- 24% attributed to negligent employees or 3rd party contractors
- On average, it takes 72 days to contain an insider threat. The longer it takes, the more it costs
- On average a data breach costs $3.92 million
- Insider threats account for 60% of cyber attacks
In an intentional and malicious insider threat a person is aware of security controls and may have access to systems and information as a part of their job. This insider may go undetected for this reason. Conversely, a negligent insider may be identified through their vulnerabilities and errors.
Malicious actors use malware infections, phishing and SQL injections among other activities. They might steal or destroy valuable data or sabotage a system. The unintentional insider might expose the organizations data or other threats through neglect or carelessness.
Insider threats are hard to detect and manage. But an organization can take some basic steps to protect themselves.
- Identify what and/or who may pose a threat. Limit security and access permissions.
- Monitor activity on the network such as downloads, printing, logins.
- Encrypt critical data.
- Set restrictions such as access, bandwidth, passwords, multi-factor authentication and segmentation
- Train employees. An unintentional threat can be reduced through proper and continuous awareness education