The riskiest types of insider security threats

For a few years now, research has shown upwards of 60% of all cybersecurity attacks against corporations have been committed by insiders – employees, partners, vendors, etc. And according to the Ponemon Institute’s “2018 Cost of Insider Threats” report, the average cost of insider incidents was $8.76 million in 2017 – more than twice the $3.86 million global average cost of all breaches during the same year.

It’s not a pleasant thought – knowing the biggest risk to your organization comes from the people you trust with your most sensitive systems, data and logins.

What’s even tougher, though, is not knowing what exactly that insider threat looks like. Who is it that you have cause not to trust? Should you have been more careful with your hires, your background checks, your PC monitoring? Not necessarily.

When Teramind determined four separate types of insiders that could be threatening your organization, they did include the two “blockbuster movie hacker” types you might be picturing:

  • The malicious insider: “Insiders that steal data intentionally, or destroy company networks – such as an employee that deletes company data on their last day of work.” These are your disgruntled workers, scorned staff, passed-up-for-promotion professionals. While the possibility of this type of attack is real, it would take someone in a very specific position to do real and lasting damage to your organization’s data without serious repercussion.
  • The professional insider: “Insiders making a career off exploiting network vulnerabilities, and selling that information on the DarkWeb.” These are the guys they make movies about … the moles, the ones really committed to the long con. Again, this threat is possible but not probable – especially for most types of organizations (no offense).

Here’s the thing. Most of your employees care about your organization and want to do a good job – or at the very least, they want to do a job and go home. They’re not out to get you at a global level, and they probably don’t have all that much to gain from sneakily stealing your data. Unfortunately, they’re the scariest ones.

Two-thirds of total data records compromised in 2017 were the result of inadvertent insiders, according to the “2018 IBM X-Force Threat Intelligence Index.” These inadvertent insiders take two primary forms:

  • The oblivious insider: “Insiders with important access to company information that have been compromised from the outside. Because the system is monitored from the outside, the employees are usually oblivious to the act,” and
  • The negligent insider: “Insiders that are usually uneducated on potential security threats, or simply bypass protocol to meet workplace efficiency. These employees are most vulnerable to social engineering.”

Often, oblivious and negligent insiders are one and the same. They’re the employees who didn’t pay attention to training, didn’t follow the practices outlined in those trainings and then – when this failure to follow protocol made them vulnerable – didn’t recognize the signs that their system had been compromised from the outside.

As we mentioned earlier this year, Verizon’s 2018 Data Breach Report found that an average of 4% of targets in a phishing campaign will click, and that people who have clicked once are more likely to click again. Sure, you could generalize about who these employees are most likely to be, but it’s more effective to make sure everyone takes part in regular training reminding them of the signs of phishing campaigns and how to respond if they think they’re being targeted.

You should also make an effort to squelch one of the most common ways threats enter your organization: through what we like to call the connected compromise.

When researchers at Virginia Tech University and Dashlane analysts carried out one of the largest empirical studies of password reuse and modification patterns (on a database of 28 million users and their 61 million passwords), they found 52% of people use the same passwords (or very similar and easily hackable ones) for different services – most of which are outside your organization’s purview.

That’s one of the places Applogie comes in. With our data breach discovery feature, you have access to the security of your users’ other accounts, in near real-time, and without compromising their privacy. Here’s how it works: when you know that an insider’s account has been a victim of a data breach somewhere else online, you can prompt that employee to change his or her corporate password and login info immediately. This greatly reduces the chance that your own corporate systems are at risk of a breach.

Nobody wants to think they can’t trust their employees, and nobody has time or energy to spend worrying about the potential “call coming from inside the house.” We can help.

Ready to see what Applogie can do? Give our platform a no-strings-attached spin with a free trial today.
