Insider Security Threats

An insider IT security threat is a security risk that originates inside an organization. The long-term shift to a remote work environment increased insider threats dramatically last year. Insider security breakdowns fall into three categories. The largest security threat, at 61%, comes from employee neglect or error. Attacks with stolen credentials are also considered insider threats, while malicious insiders make up 14% of insider attacks. These are employees who knowingly download or distribute proprietary company data for profit or gain.

Malicious insiders act for various reasons, but money is at the top of the list. A 2020 Verizon breach investigation report showed malicious insiders sold data for money, attacked their company for revenge, or in some cases were malicious just for fun. Many employees download privileged information before leaving or after being dismissed from a job. Surveys show that in some industries this practice occurred almost 50% of the time.

The other main category of insider threats is employee neglect. In this category, employees mishandle company data either because they didn’t receive correct training or because it’s easier not to follow policies and controls. Working from home has increased the opportunity for this kind of misuse. Some examples of data misuse are forwarding privileged data to a personal email address and printing privileged data to a personal printer. These are issues that an office firewall and document destruction policy were able to reasonably control in the past, but remote work is making the job more challenging.

In the first graph below, from Statista, we can see that the largest vector of insider threat is data exfiltration. In the second graph, we see that data exfiltration is largely accomplished by forwarding data to a personal email address. However, many other methods are used, including cloud collaboration tools and misuse of removable devices like a USB stick.

There are steps business owners can take to protect against insider threats. Training is at the top of the list. Many employees in the ‘neglect’ category are there because of a lack of training. A business owner must have clear policies and controls and communicate them often. Another simple step is to follow the principle of least privilege: employees should only have access to the data they need to perform their job function. Remote work and the move to cloud collaboration tools have given many employees access to data they could not reach in the office.
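Because forwarding data to a personal email address is named above as the main exfiltration path, a mail log review is a practical control to pair with training and least privilege. The following Python check is an added example, not part of the original post: it scans a mail-gateway CSV export for attachments sent from corporate mailboxes to personal webmail, and marks cases where the recipient name resembles the sender. The corporate domain, webmail domain list, column names and sample rows are all constructed assumptions.

```python
import csv
import io
import re

# Assumptions (constructed for this example): domains, CSV columns, sample rows.
CORP_DOMAIN = "example.com"
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}

SAMPLE_LOG = """\
timestamp,sender,recipient,subject,attachment_count,bytes
2021-03-01T09:12:00,jsmith@example.com,partner@supplier.example,Q1 order,1,48213
2021-03-01T17:58:00,jsmith@example.com,john.smith77@gmail.com,FW: customer list,2,5242880
2021-03-02T08:01:00,adavis@example.com,jsmith@example.com,meeting notes,1,10240
2021-03-02T12:30:00,mlopez@example.com,friend.bob@yahoo.com,lunch?,0,2100
2021-03-02T18:44:00,mlopez@example.com,maria.lopez@outlook.com,FW: pricing sheet,1,734003
2021-03-03T10:15:00,adavis@example.com,recruiter@gmail.com,resume,1,90211
2021-03-03T11:00:00,newsletter@vendor.example,jsmith@example.com,March news,0,30500
"""

def _tokens(local):
    """Alphabetic pieces of a mailbox name, 4+ characters long."""
    return [t for t in re.split(r"[^a-z]+", local.lower()) if len(t) >= 4]

def looks_like_self(sender_local, rcpt_local):
    """True when either mailbox name contains a name token of the other."""
    s = re.sub(r"[^a-z]", "", sender_local.lower())
    r = re.sub(r"[^a-z]", "", rcpt_local.lower())
    return any(t in r for t in _tokens(sender_local)) or \
           any(t in s for t in _tokens(rcpt_local))

def find_personal_forwards(log_text):
    """Return attachment-bearing mail from corporate senders to personal webmail."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        s_local, _, s_dom = row["sender"].lower().rpartition("@")
        r_local, _, r_dom = row["recipient"].lower().rpartition("@")
        if s_dom != CORP_DOMAIN or r_dom not in PERSONAL_DOMAINS:
            continue  # only corporate -> personal webmail is in scope
        if int(row["attachment_count"]) == 0:
            continue  # no attachment, so no file left the company in this mail
        findings.append({"sender": row["sender"], "recipient": row["recipient"],
                         "bytes": int(row["bytes"]),
                         "self_forward": looks_like_self(s_local, r_local)})
    return findings

def bytes_by_sender(findings):
    """Total flagged bytes per sender, for prioritising review."""
    totals = {}
    for f in findings:
        totals[f["sender"]] = totals.get(f["sender"], 0) + f["bytes"]
    return totals
```

Findings with `self_forward` set are the closest match to the "forward to my own personal address" behavior; the others still merit review but will include legitimate mail.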



Posted by Charles Wright