As the threat landscape continues to grow and shift and cyberattacks continue to rise, many companies are looking for new ways to defend themselves against bad actors, nation-states, and competitors trying to hack their systems and steal intellectual property. One major threat organizations may not be on top of is the one that lurks within their company — insider threats.
It’s estimated that 60% of data breaches are caused by insider threats, and a study by the Ponemon Institute found that companies with a headcount below 500 were spending an average of $8.13 million to deal with the consequences of an insider incident. The same study showed that insider threat incidents have risen 44% between 2020 and 2022. So, unless a company wants to pay up dearly, it’s clear that the insider threat risk needs to be addressed.
Last year, Mailchimp and Yahoo fell victim to insider attacks of multiple types. The Yahoo incident involved an employee who stole intellectual property before taking a job with a competitor, while the Mailchimp breach was caused by a phishing attack that tricked employees into accidentally exposing their credentials.
While nefarious employees (or ex-employees) may be the flashier compromises, it’s the second attack that business owners should really worry about. Insider attacks led by malicious employees only account for 26% of all insider threats, but roughly 56% of attacks are caused by employee or contractor negligence.
So what can you do to keep an insider attack from happening? We’ve assembled a guide to insider threats that gives you important information on how to mitigate those risks and secure your organization, your intellectual property, and your customer data.
Understanding Insider Threats
To complete their day-to-day work, employees need access to a number of systems — that access is very important to threat actors. Your employees are also prone to human error and that’s what many threat actors rely on to create the risk of insider threats.
Generally speaking, insider threats come in two forms: malicious risks and risks that come from negligence. Both can be equally damaging and both can be prevented using similar tactics.
Malicious insider threats
Malicious insider threats are often what’s thought of when insider threats are brought up. These are deliberate, targeted attacks during which an employee (or former employee) knowingly compromises their employer/ex-employer. These types of attacks can occur immediately after people are fired, but while they still have access to various systems. However, they can also happen during active employment. Staff members may have a personal vendetta with a higher-up, feel they were unfairly passed over for a promotion, or may be compromised by a competing company or a state-sponsored threat actor. Sometimes, malicious insider threats have nothing to do with a frustrated employee, but rather an employee who knows they may be able to sell access and company data to the highest bidder.
These disgruntled or greedy employees steal customer data or intellectual property directly from internal systems, drop malware or ransomware into their company devices, or sell credentials of various internal accounts. Regardless of the tactic used, these attacks can be incredibly damaging.
Negligent insider threats
The second type of insider threat refers to employees who may compromise a company due to negligence or even an honest mistake. These attacks are not intentional or targeted, but they can be just as detrimental. While it’s easy to blame an unknowing employee, there are often organizational reasons a company is exposed to this kind of insider threat.
Companies that don’t prioritize cybersecurity training can wind up with a workforce that knows little to nothing about security best practices. These people may fall prey to a phishing email that asks them to wire money to a known vendor, update their password on a fake website, or even click on a link that downloads malware onto their device.
With more employees working remotely on networks that aren’t secure, phishing attacks on businesses have risen significantly in recent years. Some of the most financially damaging attacks are business email compromise (BEC) attacks that result in lost funds. The FBI reported nearly 20,000 BEC complaints in 2021.
Negligent insider threats can also be caused by employees who ignore account security and use easy-to-guess passwords, use the same password for multiple accounts, or don’t enable multi-factor authentication. This makes credential stuffing and account takeover attacks easy for hackers, resulting in unauthorized access and a potential data breach.
Finally, insider threats can be the result of poorly managed account access on the company side. Too often, employees have privileged account access they don’t need or access to accounts they don’t use. This, in turn, offers more opportunities for hackers to break into a given system. Employees should only have access to the accounts and data they need to complete their jobs. Additionally, organizations should track account access, so executives and security teams know who has access to which data.
How Organizations Can Protect Themselves Against Insider Threats
Insider threats may seem difficult to protect against. After all, you can’t keep employees from becoming disgruntled or making mistakes. However, with some fundamental cybersecurity best practices and controls, you can mitigate the risk of insider threats.
Manage account access
One easy way to protect your data is to reduce the number of employees with access to your sensitive data. Make sure access is limited to those who truly need it, and set up privileged accounts with privileged account abuse detection so you know if an account is accessing privileged information at odd hours or exfiltrating data when it shouldn’t. You should also make multi-factor authentication a requirement for all accounts to minimize the risk of stolen credentials leading to an account takeover attack.
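The two signals named above, privileged access at odd hours and unusual outbound data volume, can be checked with simple rules over access logs. The following is an added example, not part of the original article; the log format, resource names, working hours and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events: ISO timestamp, account, resource, bytes sent out.
SAMPLE_LOG = """\
2024-03-04T10:15:00,alice,hr-db,120000
2024-03-05T11:02:00,alice,hr-db,90000
2024-03-06T09:40:00,alice,hr-db,110000
2024-03-07T02:13:00,alice,hr-db,95000
2024-03-08T14:30:00,alice,hr-db,4800000
2024-03-04T13:00:00,bob,wiki,20000
2024-03-09T23:50:00,bob,wiki,25000
"""

PRIVILEGED = {"hr-db", "finance-share"}   # assumed list of sensitive resources
WORK_HOURS = range(7, 19)                 # assumed 07:00-18:59, Monday-Friday
EGRESS_FACTOR = 5                         # alert at 5x the account's median day

def parse(log):
    for line in log.strip().splitlines():
        ts, user, resource, sent = line.split(",")
        yield datetime.fromisoformat(ts), user, resource, int(sent)

def detect(log):
    alerts, daily = [], defaultdict(lambda: defaultdict(int))
    for ts, user, resource, sent in parse(log):
        if resource not in PRIVILEGED:
            continue  # only privileged resources are in scope for these rules
        daily[user][ts.date()] += sent
        if ts.weekday() >= 5 or ts.hour not in WORK_HOURS:
            alerts.append((user, "off_hours", ts.isoformat()))
    for user, days in daily.items():
        ordered = sorted(days)
        for i, day in enumerate(ordered):
            history = [days[d] for d in ordered[:i]]
            # Require a few prior days so one busy first day is not an anomaly.
            if len(history) >= 3 and days[day] > EGRESS_FACTOR * median(history):
                alerts.append((user, "egress_spike", day.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Comparing each account against its own history, rather than a global limit, keeps accounts that legitimately move large volumes from drowning out the rest.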
Invest in cybersecurity training
To lower your risk of negligent insider threats, invest in comprehensive cybersecurity training for all employees. This training should address phishing and BEC attacks, the importance of strong passwords and multi-factor authentication, as well as email and social media security best practices. Your program should also include ongoing tests for employees to determine where vulnerabilities lie and reinforce the lessons learned during the initial instructions. Conduct a training at least once a year to address any new tactics and threats being used by hackers.
Work with HR to establish termination protocols
Despite your best efforts, there will be some hard feelings involved when it comes to terminated employees. While you can’t prevent the frustration, you can cut off that employee’s access to company accounts before it becomes dangerous. Security teams should work with HR to ensure that cybersecurity is looped into the termination process. As soon as a person is terminated, he or she should no longer have access to any company accounts.
You may also want to work with HR to analyze your company’s turnover rate. If it’s high, that may be a sign of a toxic culture that could put your organization at a higher risk of malicious insider threats.
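A termination protocol can be verified by reconciling the HR termination feed against the account inventory of each system. The following is an added example, not part of the original article; the data layout, the one-hour grace period, the `example.com` domain and the rule for mapping bare login names to e-mail addresses are assumptions.

```python
from datetime import datetime, timedelta

# Constructed HR feed: work e-mail -> termination time (UTC).
TERMINATIONS = {
    "dana@example.com": datetime(2024, 5, 10, 16, 0),
    "eli@example.com": datetime(2024, 5, 12, 9, 30),
}

# Constructed account inventory: (system, login name, enabled, last login).
ACCOUNTS = [
    ("idp", "Dana@Example.com", False, datetime(2024, 5, 10, 15, 20)),
    ("vpn", "dana@example.com", True, datetime(2024, 5, 11, 23, 5)),
    ("crm", "dana", True, datetime(2024, 5, 9, 11, 0)),
    ("idp", "eli@example.com", False, datetime(2024, 5, 12, 8, 45)),
    ("idp", "fay@example.com", True, datetime(2024, 5, 13, 10, 0)),
]

GRACE = timedelta(hours=1)  # assumed allowance for deprovisioning to propagate

def owner(login, domain="example.com"):
    """Map a per-system login to the HR e-mail key (case and bare-name variants)."""
    login = login.strip().lower()
    return login if "@" in login else f"{login}@{domain}"

def audit(terminations, accounts, now):
    findings = []
    for system, login, enabled, last_login in accounts:
        left_at = terminations.get(owner(login))
        if left_at is None:
            continue  # not in the termination feed: current employee
        if last_login > left_at:
            # The account was actually used after the person left.
            findings.append((system, login, "login_after_termination"))
        elif enabled and now > left_at + GRACE:
            # Not yet used, but the access is still there to be used.
            findings.append((system, login, "still_enabled"))
    return findings

if __name__ == "__main__":
    for finding in audit(TERMINATIONS, ACCOUNTS, datetime(2024, 5, 13, 12, 0)):
        print(finding)
```

Systems that sit outside single sign-on, like the `crm` entry here, are where lingering access tends to show up, because disabling the identity provider account does not reach them.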
Consider a managed security partner
Protecting against insider threats is similar to protecting against outside attacks, especially considering that a majority of insider attacks start with a prompt from an outside bad actor. Protection comes down to good security tools, practices, and processes. One of the easiest (and most effective) ways to ensure your organization is safe is to work with a managed security partner.
A managed security provider can set up the appropriate controls for identity and access management, run your company’s ongoing cybersecurity training, and provide their own cybersecurity tech stack. This will give your organization proactive detection and response tools that identify suspicious behaviors indicating a compromise resulting from an insider attack, and that mitigate the damage and improve recovery if a breach does occur.
Protect Your Organization from Insider Threats with a Fully Managed Security Program
Insider threats can be difficult to avoid because they deal with human error and emotion. The best defense is a comprehensive cybersecurity strategy that protects your data. You need technology that alerts you when suspicious activity is detected and processes that ensure the damage of an insider attack is limited. While this may feel like a daunting task, it’s made easy with the right managed security partner.
SolCyber is revolutionizing the security space by offering comprehensive outsourced security programs to small- and mid-sized businesses with a simple pricing model. For a per-month, per-user fee, you’ll get 24/7 monitoring and response services as well as our Foundational Coverage, which includes all the security technology you need and nothing you don’t.
If you’re ready to protect your organization from insider threats, reach out to the SolCyber experts today.