August 9, 2022
Is Your Company’s Data Vulnerable to “Insider Threats?”
Insider threats are an increasing challenge for companies around the world. Because they differ from the traditional way companies often think about cyber threats, they sometimes fall off the radar. As a result, companies don’t have proper procedures to mitigate and prevent them. Here’s what you need to know to keep your company safe from insider threats.
What Is an Insider Threat?
Insider threats are often the most damaging security events that a company can experience. Unlike threats from the outside, insider threats generally stem from employees, independent contractors, and external vendors who have access to internal company data. If an employee or other authorized user copies and leaks private data, an insider threat has transformed into an insider breach.
Some security researchers also consider unauthorized access via valid employee credentials an insider threat. For example, hackers who access a company’s systems via a phishing attack could be categorized as an insider threat, though this classification isn’t universally accepted. In short, an insider threat occurs when an employee or other authorized user makes an intentional decision or an honest mistake that creates the risk of a data breach.
Why Are Insider Threats Hard to Stop?
The critical reason insider threats are hard to stop is that they come from within the company instead of without. Ordinary and generally effective security measures often focus on external threats, and don’t always do much to prevent an insider threat. Generally, if an employee is motivated to leak data from the company, it will be almost impossible to stop them from doing so. Even with perfect access controls and security policies in place that prevent the copying of data to unauthorized locations, if they wanted to, an employee could copy information down by hand and carry it out in a briefcase.
Consequently, preventing an insider threat from becoming a breach lies not in security, but in employee motivation. A poorly motivated or dissatisfied employee is far more likely to leak information intentionally, and security policies can’t fix that issue. Furthermore, honest mistakes can create breaches. An employee may use an unsecured Google Drive or iCloud account to move work between the office and their home, creating attack vectors that the company is unaware of but that are simple for attackers to exploit.
Likewise, if an employee falls victim to a phishing attack, many types of security short of full zero-trust implementation will not be able to stop the breach. In theory, phishing attacks are preventable, but they require high-quality employee security training that not all companies have. As with intentional leaks, leaks that result from phishing attacks stem from a mental error that an employee makes. This makes insider threats challenging to prevent, as employee motivation, security training, and ethical behavior all require regular and consistent training over time, and can’t be installed instantaneously like a security tool.
Why Are Insider Threats Becoming More Common?
In the past, workers might spend their entire careers at a single company. Those days are long gone. The median number of years employees spend at a single company is just 4.1. And for younger employees, those 25 to 34 years old, that number is just 2.8 years. That means that employee loyalty is at an all-time low.
Furthermore, leaks have moved into the mainstream. With websites like WikiLeaks that post data stolen from governments and businesses, there’s an easy path for employees to steal and leak data, sometimes anonymously.
Finally, we’re in the middle of the Great Resignation. People are leaving their jobs at historically high rates, which means more turnover, and a tougher time vetting new hires. Right now, it’s a perfect storm for leakers: low loyalty, poor vetting due to massive hiring needs, and easy availability of avenues in which to leak data.
What Are the Effects of an Insider Breach?
The sad fact about insider breaches is that they are often more harmful than those perpetrated from the outside. While a hacker accessing the system from the outside may be after specific data, often they’re out to get as much data as possible, no matter the quality. On the other hand, an employee has a far better sense of what documentation would be financially damaging, embarrassing, or likely to put pressure on the company if leaked.
The effects of insider breaches can be wide and varied. If trade secrets are leaked, there may be a direct loss of income or competitive advantage. Stock prices of companies with breaches tend to be lower than the market by about 15.58 percent three years after the breach occurred. Customers also tend to mistrust companies with data breaches, especially if the breach included personal data.
What Should You Do to Prevent Insider Threats?
While there are technological security steps a company can take to reduce insider threats, it’s essential to include your HR department in the conversation. Disaffected employees are more likely to intentionally leak information, while undertrained ones are more likely to leak information accidentally. Working with HR to identify both kinds of employees is the first step in crafting policies that combat insider threats.
However, while technology can’t prevent insider leaks from happening, it can do a ton to help reduce the damage those leaks cause. Access Rights Automation can ensure that your employees only have access to the information they need to do their jobs, limiting the scope and damage caused by a single breach. Similarly, Dynamic Data Masking can show only the required information from a record on a case-by-case basis, making it ideal for situations where different employees need differing access.
Finally, Database Activity Monitoring can help your company detect improper access before it becomes a problem. If an employee is accessing or attempting to access data that isn’t part of their responsibilities, then one possible explanation is that they’re planning to leak information. In that scenario, database monitoring gives your team the opportunity to proactively intervene before the breach ever occurs.
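The monitoring check described above can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; the role-to-table map, the log format and the `min_events` threshold are assumptions, and the audit records are constructed.

```python
import csv
import io
from collections import defaultdict

# Hypothetical least-privilege map: role -> tables that role needs for its job.
ENTITLEMENTS = {
    "support": {"tickets", "customers"},
    "billing": {"invoices", "customers"},
    "engineer": {"deployments"},
}

# Constructed audit records: time, user, role, table, rows returned, outcome.
SAMPLE_AUDIT_LOG = """\
2022-08-01T09:02:11,alice,support,tickets,12,ALLOWED
2022-08-01T09:05:40,bob,billing,invoices,3,ALLOWED
2022-08-01T22:14:03,carol,engineer,customers,0,DENIED
2022-08-01T22:14:09,carol,engineer,invoices,0,DENIED
2022-08-01T22:15:30,carol,engineer,salaries,4800,ALLOWED
2022-08-02T10:01:00,alice,support,invoices,0,DENIED
"""

def out_of_scope_events(log_text, entitlements=ENTITLEMENTS):
    """Yield audit events that touch a table outside the user's role."""
    for ts, user, role, table, rows, outcome in csv.reader(io.StringIO(log_text)):
        if table not in entitlements.get(role, set()):
            yield {"ts": ts, "user": user, "table": table,
                   "rows": int(rows), "outcome": outcome}

def review_queue(log_text, min_events=2):
    """Rank users with out-of-scope access for human review."""
    # A successful out-of-scope read is always queued: the access rights are wrong.
    # Denied attempts are queued only from min_events on, so one mis-click is ignored.
    per_user = defaultdict(list)
    for event in out_of_scope_events(log_text):
        per_user[event["user"]].append(event)
    queue = []
    for user, events in per_user.items():
        succeeded = [e for e in events if e["outcome"] == "ALLOWED"]
        if succeeded or len(events) >= min_events:
            queue.append({
                "user": user,
                "attempts": len(events),
                "tables": sorted({e["table"] for e in events}),
                "rows_exposed": sum(e["rows"] for e in succeeded),
            })
    return sorted(queue, key=lambda q: (q["rows_exposed"], q["attempts"]), reverse=True)

if __name__ == "__main__":
    for item in review_queue(SAMPLE_AUDIT_LOG):
        print(item)
```

An entry with a non-zero `rows_exposed` points at an access-rights gap to close as well as a person to talk to, which is where the monitoring and access-rights controls meet.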