Today, the risk posed by having sensitive information leaked to the wrong hands is pervasive. Technology has made the storage, accessibility, and shareability of information greater than ever, but the possibility of that information being made available to parties or entities it was not intended for is similarly increased. Films and TV have conditioned us to look outside of our organizations — specifically, at hackers — for these threats.
However, these kinds of risks to your business are more likely to come from within. An insider threat is a breach of security caused by someone who has authorized access to your systems or has knowledge about your company’s security protocols. Insiders are often employees, but they can also be business partners and affiliates who at some point have had access to your organization’s confidential information.
To protect your business, we’ve compiled everything you need to know about insider threats.
Types of insider threats
Insider threats fall into two broad types. Malicious threats are those in which the breach of the organization’s security is perpetrated with deliberate intent. In these cases, the objective is usually intellectual property theft, sabotage, or fraud. Examples include a disgruntled employee stealing information or digital assets after quitting or being fired, and leaving malicious software in the organization’s computer systems.
Alternatively, inadvertent threats are breaches to security that result from the carelessness or bad judgment of those within an organization. In some cases, this insider threat is the mechanism through which external agents act to achieve their goals. Common examples include opening phishing emails, using generic passwords, or accessing cloud files through an unsecured Wi-Fi network.
Stopping insider threats
Identifying and blocking insider threats is often more difficult than with external ones due to the level of access available to internal parties. For example, when using security information and event management (SIEM) software, an insider threat such as an employee using their login credentials to hack your network is unlikely to trigger an alarm, as compared to an external hacker attempting to do the same.
The strongest defense is to continuously monitor user activity and be aware of signs of suspicious activity, such as unusual data transfer rates or attempted access to files from remote locations. Online Computers, as your threat intelligence service provider, can leverage its specialized technology and tried-and-tested methods to zero in on possible threats, allowing your business to deal with them appropriately.
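The monitoring described above can be sketched as a per-user baseline check. This is an added example, not code from the original article or from any vendor's product; the event fields, the sample records and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (day, user, source_country, bytes_out)
EVENTS = [
    ("2024-05-01", "alice", "US", 120_000_000),
    ("2024-05-02", "alice", "US", 95_000_000),
    ("2024-05-03", "alice", "US", 130_000_000),
    ("2024-05-06", "alice", "US", 110_000_000),
    ("2024-05-07", "alice", "US", 4_800_000_000),  # bulk transfer
    ("2024-05-01", "bob", "US", 40_000_000),
    ("2024-05-02", "bob", "US", 55_000_000),
    ("2024-05-03", "bob", "US", 38_000_000),
    ("2024-05-06", "bob", "US", 47_000_000),
    ("2024-05-07", "bob", "RO", 45_000_000),  # normal volume, new location
]

def find_anomalies(events, min_history=3, k=6.0):
    """Compare each event with that user's own earlier activity.

    Every event here is an authenticated session, so nothing is judged on
    login success; only deviation from the user's baseline is flagged.
    """
    history = defaultdict(list)  # user -> earlier daily byte counts
    seen = defaultdict(set)      # user -> source countries seen so far
    alerts = []
    for day, user, country, sent in sorted(events):
        past = history[user]
        if len(past) >= min_history:  # no alerts until a baseline exists
            med = median(past)
            # Median absolute deviation: robust to one earlier spike.
            mad = median(abs(x - med) for x in past) or 1
            if sent > med + k * mad:
                alerts.append((day, user, "unusual_transfer_volume"))
            if country not in seen[user]:
                alerts.append((day, user, "new_source_location"))
        past.append(sent)
        seen[user].add(country)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(EVENTS):
        print(alert)
```

Both flagged sessions used valid credentials, which is why a rule keyed on failed logins would have stayed silent.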
Access privileges must be heavily regulated to limit the sensitive information each employee has access to. For instance, those in the marketing department shouldn’t be able to access classified payroll and proprietary records. Also, when someone’s employment is terminated, make sure to decommission their user accounts as soon as possible. This mitigates the risk of sabotage and data leaks caused by disgruntled staff.
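A periodic access review makes both rules above checkable. This is an added example, not code from the original article; the HR roster, account export, group names and department mapping are hypothetical, constructed data.

```python
from datetime import date

# Constructed sample data; group and department names are hypothetical.
ALLOWED_GROUPS = {
    "marketing": {"campaign-assets", "crm-read"},
    "finance": {"payroll", "ledger", "crm-read"},
}
HR_ROSTER = {
    "alice": {"dept": "marketing", "terminated": None},
    "bob": {"dept": "finance", "terminated": None},
    "carol": {"dept": "finance", "terminated": date(2024, 4, 30)},
}
ACCOUNTS = [
    {"user": "alice", "enabled": True, "groups": {"campaign-assets", "payroll"}},
    {"user": "bob", "enabled": True, "groups": {"payroll", "ledger"}},
    {"user": "carol", "enabled": True, "groups": {"payroll"}},
    {"user": "svc-old", "enabled": True, "groups": {"ledger"}},
]
REVIEW_DATE = date(2024, 5, 7)  # constructed review date

def review_access(accounts, roster, allowed, today):
    """Return (user, finding, detail) for every enabled account that
    breaks the least-privilege or offboarding rule."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        user = acct["user"]
        person = roster.get(user)
        if person is None:
            # Enabled account that nobody in HR's records owns.
            findings.append((user, "no_owner_in_hr_roster", None))
            continue
        left = person["terminated"]
        if left is not None and left <= today:
            # Detail is the number of days the account outlived the job.
            findings.append((user, "enabled_after_termination", (today - left).days))
            continue
        excess = acct["groups"] - allowed.get(person["dept"], set())
        for group in sorted(excess):
            findings.append((user, "group_outside_department", group))
    return findings

if __name__ == "__main__":
    for finding in review_access(ACCOUNTS, HR_ROSTER, ALLOWED_GROUPS, REVIEW_DATE):
        print(finding)
```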
Meanwhile, comprehensive security training is crucial for dealing with inadvertent threats. Teach employees to develop a healthy suspicion of every email, file attachment, and website they come across. If an unsolicited message from a seemingly legitimate company urges employees to click on a link, your staff should immediately know to avoid and delete it.
In addition to phishing training, employees should also understand the importance of setting long and unique passwords across their accounts and avoiding free public Wi-Fi hotspots, which are often a hotbed for cybercriminal activity.
Examples of insider threats
- Inadvertent phishing attack
In March 2011, over 40 million employee records from RSA, a security company owned by tech giant EMC, were compromised due to RSA employees clicking on a phishing link sent by email. The hackers, in this case, had tricked the employees by posing as trusted colleagues or stakeholders within the organization.
- Malicious third-party attack
In 2013, retail giant Target had the credit card data of its customers stolen in a highly publicized incident. The incident occurred because a third-party vendor contracted by Target had been granted the credentials to critical systems despite the lack of an appropriate use case. These credentials enabled the hackers to infiltrate Target’s payment systems and install the malware that resulted in the breach.
- Malicious employee attack
Between 2014 and 2015, personal data from over 18,000 Medicare members were leaked from Anthem, a health insurance provider. The data included such sensitive information as Medicare IDs, member names, and social security numbers. It was discovered years later, in 2017, that the leak happened because an employee with access to this information had been emailing it to their personal address.
As these examples will attest, insider threats are not only very real, but they can come in all shapes and sizes, and can result in dire financial or reputational consequences for your business. It’s more important than ever that you take steps to identify and protect yourself against such threats.