You may think that the notion of insider threats is something from a movie or a conspiracy theory site. However, the reality is that insider threats, while often ignored, pose big security problems for companies of all sizes.
According to the 2016 Verizon Data Breach Investigations Report (DBIR), roughly 80 percent of attacks came from outside threats. However, this number is on the decline with insider threats on the rise, making up 28 percent and 25 percent of attacks over the last two years.
But these threats aren’t just malicious actors within your organization. Yes, some might be—for example, employees driven by financial gain, revenge or engaging in espionage. However, the definition of insider threats also includes employees who make mistakes or accidentally let in outside attacks. In its 2016 Cost of Insider Threats Report, Ponemon Institute found 874 insider incidents across 54 organizations. Of those 874 insider incidents, 68 percent were related to negligence while 22 percent were due to a criminal insider and 10 percent were due to stolen IDs or credentials. When you look at it this way, you can begin to see why insider threats aren’t just something you will encounter on the silver screen.
So, what does this look like in real life?
Sometimes an insider threat is an insider who inadvertently leaves the door open to your internal systems.
In the Target data breach in 2014, hackers used a phishing scam to break into the network of one of Target’s refrigeration contractors. Once the contractor logged on to Target’s system, the hackers had all they needed to get in and pull information from memory scrapers installed on all Target point-of-sale devices.
Sometimes an insider threat is a disgruntled employee.
In 2015, Canadian Pacific Railway fired one of its systems administrators. Before turning in his laptop, he deleted files, changed passwords and removed admin accounts. When the IT staff noticed the disruptions, they also found they had been locked out of the system! One reboot and a team of outside consultants later, the company finally fixed the damage that had been done.
Sometimes an insider threat is a malicious actor.
An engineering firm didn’t think too much about one of its employees leaving in 2013 to start his own company. However, this ex-employee continued to log on to the firm’s network, downloading information that was worth almost $425K. It took two years before the access was detected. Even then, it was actually caught by a client: the ex-employee had pitched that client with a proposal, and his former employer had pitched the same client.
Preventing insider incidents is about knowing what is going on in your company and when. Your workforce can seem like the biggest threat in this regard, but it is actually your greatest asset when trying to prevent and detect insider threats. A workforce educated on cyber risk will make fewer mistakes and be able to keep their eyes and ears open for malicious actors.