Research conducted by Ponemon Institute shows that from 2018 to 2020, the number of insider threats has increased 47% and the cost of these incidents escalated to $11.45 million. The study also showed that it takes companies an average of 77 days to contain an insider threat incident. These numbers are alarming and organizations need to be prepared to challenge this menace.

But let's define our terms first. An insider threat is any malicious or unintended security threat to an organization initiated by individuals within an organization having legitimate access to its data and information systems. These individuals can be current or former employees, third-party contractors, vendors, partners. and business associates having access to the organization's resources.

Types of insider threats

Insider threats can be classified into three types: attacks caused by an employee harboring malicious intent, attacks resulting from the actions of a negligent employee, or attacks initiated through an employee who has been compromised.

  • Malicious insider: An employee who has gone rogue and wants to intentionally steal the organization's data for monetary gains, to take revenge against the organization for perceived unfair treatment, or for corporate espionage.
  • Negligent insider: A careless employee who does not follow IT best practices, and leaves their system unattended for long hours without properly logging off, or fails to update their systems promptly.
  • Compromised insider: An employee whose systems and devices have been compromised without their knowledge. The most common compromise method is through phishing emails, or users clicking or downloading from suspicious links.

Indicators of insider threats

It is imperative to look at key indicators to detect the telltale signs of these attacks proactively:

  • Suspicious employee activities: Monitor questionable employee actions, such as unauthorized file accesses or changes, attempts to download large amounts of data, or trying to access the network multiple times outside of business hours.
  • Suspicious data transfer: Lookout for frequent and increased data transfer activities performed by an employee who doesn't have a business need. Investigate by identifying who transferred the files and why.
  • Use of stale and old accounts: Identify and analyze old user accounts showing any kind of activity.
  • Review exposed critical data: Periodically review what and how much of your critical data is accessible to vendors and third parties. Ensure the transfer of data to such parties is safe and secure.

Best practices to fight insider threats

Follow the best practices below to maintain hygiene in your infrastructure and keep insider threats at bay:

  • Establish a baseline behavior for both employees and networks to detect any deviation from the expected regular pattern.
  • Perform periodic and organization-wide risk assessments at regular intervals to identify any vulnerabilities.
  • Implement Zero Trust and the least amount of privilege policy in the organization network.
  • Look for any kind of time, count and pattern anomalies in the user and entity behavior.
  • Enforce strict password and multi-factor authentication policies.
  • Educate your end users about different insider attack scenarios such as phishing emails and scams.

It's difficult to identify and detect insider threats because the malicious actor in such attacks has a legitimate access and privilege to organization’s information systems and data. As compared to an outsider, it's relatively easy for an insider to carry out malicious activities as they don't need to breach any defense perimeters to access the network. It is essential for an organization of any size to develop a formal insider threat management program and keep a close watch on employee and network activity.

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
  •  
  •  
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks

     
     

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.