Insider Threat — what it is and why you should care
How do you keep “out” what emerges from within? The strongest of walls means nothing if the threat arises inside of them. Of course, externally-sourced risks do exist and indeed should be treated with concern; however, they should not be considered alone for there exist alternative and equally threatening risks presented by those nearest: insiders.
The idea that those who work for and with us may not always be reliable is not new, existing long before the era of the Internet. However, according to Steven Bellovin, Computer Science researcher at Columbia University, though negligent and corrupt workers have always existed, “the power of computers, and our inability to secure them in the best of circumstances, makes the problem far worse today”. The difficulty posed by computers stems not only from purposeful thieving or corruption, but, as we will discuss, from often accidental human error and mistakes. Insider threat fits into the broader theme known as “people risk” — referring to risks an organization and its performance face attributable to the workforce.
“…the power of computers, and our inability to secure them in the best of circumstances, makes the problem far worse today.” — Steven Bellovin
Who are your “Insiders”?
Intuitively, an insider can be anyone directly associated with your company, most commonly current employees. However, it is important to note that former employees with previously conferred access credentials (credentials that may not have been entirely revoked) are also considered “insiders,” as are third party associates such as business partners or contractors who may also be granted access to your company’s files and information.
What is Insider Threat?
Just as there are a variety of people considered “insiders”, there are also a variety of motivations that may underlie the threats associated with insiders. In short, not all insider threats arise out of malicious intent with a deliberate “motivation”, some can be accidental. This brings us to the insider motivation spectrum. Referring to the idea that insider threat is not all uniform, the spectrum highlights a range of threats labelled as “innocent/unconscious” on the one end, and “malicious/conscious” on the other.
A recent study by Sharp revealed more than 23% of UK employees use unsecure public file sharing for sensitive documents. Public file sharing on an unsecure network can lead to confidential information leakage and exposure. Further reports find the extensive prevalence of other threats rooted in negligent insiders such as downloading of sensitive data to personal devices, and failing to recognise phishing tactics. Carelessness or lack of knowledge of employees and other third parties associated with your company can therefore cause accidental and unconscious data breaches, and should be treated with as much concern as externally-based attacks.
On the other end of the spectrum, the malicious/conscious threats posed by insiders may include actions such as providing credentials to individuals who should not have such access, or knowingly bypassing security measures to access files they are not supposed to have access to, among other purposeful security-threatening actions.
Why should you care about Insider Threat?
- The threat is growing
The frequency of insider incidents is increasing. The prevalence of fluid workforces, with contractors and employees often scattered globally, in addition to the growing dependency on cloud services has piloted a new era of insider-related security risk. A global Harvey Nash/KPMG survey of 4,500 CIOs and technology leaders found that insider threat is the fastest growing security risk of all. It is important businesses and security professionals recognise the trend and work to get ahead of the curve so as not to be caught off guard and pay a hefty price.
2. The damage can be long lasting
Conscious or unconscious, rooted in malicious intent or negligence, insider threats are costly. Both in the short term and in the long run. Consider that 58% of consumers said knowledge of a company experiencing a breach would discourage them from using their services. This fact hurts businesses immediately, as they are forced to implement damage control, committing time, effort and money. Perhaps more detrimental, in the long run companies may experience irreparable brand reputation loss. Smaller companies especially may be more readily negatively impacted as they are unable to command as many resources and brand recognition. This is not to suggest larger companies are immune to the costs of an insider breach; the giant data breach involving the personal data exposure of 37 million users from infidelity website Ashley Madison has resulted in costly repercussions. The company’s latest settlement cost them over $11 million — all due to an insider-based attack.
3. Reactive policies do not mitigate the threat
Conventional procedure seems to be to address an incident in its wake, rather than to mitigate the likelihood in the first place. Preventive measures, rather than reactionary ones, can ensure immediate detection that may otherwise take days or years. This is an important fact because the longer it takes to recognise a threat or breach, the higher the remediation cost. The Swedish government became aware of a leak that actually occurred two years prior to their intelligence. The agency responsible said the leak went unnoticed as they had no indications sensitive material had actually ended up in the wrong hands. Negligence permitted the leak, allowing access to the personal data of millions of Swedes to IT workers in other countries for two years. To mitigate risks like these and to be in a better position to catch such leaks promptly if they are to occur, companies must adopt proactive measures.
Good news: there exists a solution
The “I’ll cross that bridge when I get there” attitude is the wrong one to have for the cost is high, the threat is growing and there exists an option for preventive action today — StatusToday. Our AI-Powered Insights Platform can help to detect threats so they can be stopped in their wake. Employee behaviour analysis provides valuable insights into the profile of your company and the practices of employees, including the threats they may pose — both conscious and unconscious. Preventive actions go a long way in mitigating insider threats within your company to ensure a strong security posture.