GlobalSign Blog

Insider Threats: The Danger Inside Organizations

Insider Threats: The Danger Inside Organizations

Cybersecurity threats impact companies and organizations daily, and with the rise of technology comes threats from all over the digital sphere. The insider threat is not a new phenomenon. Incidents of trusted insiders of organizations exploiting and sabotaging their own companies are prevalent throughout human history. Recently, insider threat incidents were receiving heightened attention and making numerous headlines because of these high-profile incidents: Capital One breach incident carried out by a single insider in 2019; Tesla’s data exfiltration caused by a disgruntled employee in 2018; and many others. These incidents are proof that sometimes, the biggest threats come from within—even our most seemingly dependable employees. However, not all insider threats are intentional and planned out. Sometimes, they are caused by complacent individuals who lacked proper training and did not follow work protocols and security policies. The account breach of Anthem’s Personally Identifiable Information (PII) in 2015 happened because some of the targeted employees of the company fell for a phishing email containing links to malware; due to this, around 78.8 million records were exposed. These incidents open opportunities for others to breach the security defense system, both virtual and physical. Companies are more worried about inadvertent insider breaches (71%) and negligent data breaches (65%) than they are with malicious intent by bad actors (60%), and much less about compromised accounts or machines (9%).

Intentional or not, insider threats carry a significant impact on an organization’s trustworthiness, reputation, reliability, safety, and credibility. Thus, such incidents deserve the attention of leaders in all industries to lessen their impact, so that organizations are equipped to effectively respond to these emerging threats. One of the challenges businesses face today is protecting their assets in a virtual environment which are vulnerable to attacks both inside and out.

What Exactly is an Insider Threat?

Insider threat is the holistic and multi-layered nature of how individuals interconnect with the organizations they work for or partner with. Basically, an ‘insider’ is someone who possesses some information or knowledge that can affect a company if this information was shared or leaked.

The insider threat is the potential for an insider to harm an organization by leveraging his or her privileged level of knowledge and/or access.

Insider threats can be summarized into these 3 drivers:

  • Malicious Intent - Employees who intentionally misuse and exploit their special access to cause harm to their company or colleagues;
  • Negligent - Employees whose weak approach to protocols, procedures, and data security exposes external threats to the company; and
  • Accidental/Ignorance - Employees whose lack of awareness of protocols, procedures, and data security exposes external threats to the company.

To protect the organization’s employees, facilities, systems, and data, insider threats should be prioritized and be viewed as a shared responsibility, where adapting a balanced and integrated approach is seen as critical in ensuring the safety of both the people and organization. The goal is not to prevent these things from happening entirely, as that may seem too idealistic, but rather to mitigate the impact and minimize its probability.

Developing a Secure Workforce

A notable prevention to insider threat is the development of a securely managed workforce. Each organization is faced with different protocols to these problems, and there is no one-size-fits-all rule to this kind of approach. However, it is imperative for all organizations to consider the pillars of providing a holistic, risk-based approach to prevent insider threats:

  • Technology – utilization of modern technologies to prevent, detect, and report on potential incidents
  • Business Process – implementing business processes to react and escalate leads and analyze trends to improve overall program
  • Training – developing and maintaining a robust training curriculum and security awareness program
  • Policy – drafting, enforcing, and regularly updating insider threat policies adhered to by employees and contractors

These pillars can be the foundation of proactive prevention, detection, and response program to protect an organization’s personnel, data, and facilities from insider threats.

GlobalSign publishes blog posts about different topics involving online security and identity. We also offer comprehensive certificate management such as S/MIME for email encryption and added safety to protect emails from unwanted access, as well as a range of cost-effective SSL options ensuring your public servers and sites are in line with industry best practices. To learn more about the services we offer, you may visit our official website.

 

Share this Post