Insider Threat – The Unseen Risk

Caleb Townsend
Staff Writer, United States Cybersecurity Magazine

When it comes to threats in cybersecurity, the insider threat is not the first one that comes to mind. Malware, ransomware, hacking, and denial-of-service attacks dominate the headlines. But more often than not, an insider threat is the cause of many of these attacks. In fact, insider threats are responsible for around 43% of all data breaches.

To break that down, it is important to note that insider threats have preconceived ideas attached to them. When picturing an insider threat, we often think of a malicious, disgruntled employee who plots to rip off the company. Mike Judge’s Office Space might be one of the most famous examples of this in pop culture. In the third act of the movie, two scorned IT employees find out they are fired. As a result, they decide to infect their company’s accounting system with a computer virus that will slowly siphon money into their own personal accounts.

An image like this sticks in our heads because it is rebellious and it is exciting. But in reality, an insider threat is a lot more sinister. There are three main categories of insider threat.

Accidental

An accidental insider threat is a data breach that is caused by general ignorance. For instance, an employee may not have a clear understanding of cybersecurity best practices. Perhaps some intern opened a phishing email. Maybe a new employee clicked on some sketchy link. Accidental threats are often the result of loose policy and poor employee training.

Negligent

In contrast, a negligent threat is any threat that comes directly from employees intentionally ignoring protocol. Often, an employee will simply disagree with a strict rule. Even though the rule is set in place to ensure security, an employee might feel entitled to, for example, share work on a public application so that they can work from home. Alternatively, maybe they connected to the network from their personal device. Both of these actions could cause a security breach.

Malicious

The iconic and famous image of an insider threat is the malicious threat. These make up around 21% of all data breaches. A malicious threat is self-explanatory. A scorned employee leaks information on purpose in order to hurt the company. This can be out of revenge, spite, or even premeditation.

How to Stop an Insider Threat

Much of the cybersecurity conversation focuses on protecting your information from outside sources. There needs to be more emphasis on internal threats. But how do we do that?

We often hear that we should educate employees more. The knowledge will mitigate accidental breaches. Having harsh penalties (see GDPR) will deter many negligent threats. But when it comes to malicious threats, it seems hard to know what to do. Generally, people find an insider threat after it occurs. The early warning signs of a threat are subjective at best. It cannot rest on employees to seek out early signs, because they do not have the training to do that.

Focus on the Structure

Investing in a stronger infrastructure shifts the responsibility from the people to the network. Ventures such as specialized penetration tests, zero trust networks, and enhanced monitoring capabilities are tangible steps that will actually help reduce the chance of an insider threat. Fortifying the system from the ground up is the only way to significantly reduce the risk of an insider threat.
