Sign up to save your podcasts
Or
Share Insider Threats in Cybersecurity: The Enemy Comes From Within
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Insider Threats in Cybersecurity: The Enemy Comes From Within
People, process, and technology are the pillars of cybersecurity. And while people are every organization's best asset, they are also its biggest weakness. Security technology continuously evolves to counter emerging security threats and new techniques, but there is one threat that can't be thwarted by merely employing new tools and processes. The biggest security threats of today are not the result of malicious attackers, advanced persistent threats, or malware. They come from within.
Let's also consider the current shift taking place in many organizations: working remotely is all the rage right now. And with more and more team members working from home, more devices are accessing your network, along with new technologies and tools being utilized to make at-home-offices function properly.
This blurs the lines between the personal and professional use of devices. We also have to deal with the cloud, malicious attackers at the ready, and the tectonic changes in so many companies' organizational structures. All of this points to a very real and potentially dangerous threat.
According to a recent study by Verizon, 57% of all data breaches were attributed to insider threats within an organization. While outside forces, malicious attackers, ransomware, DDoS and other types of cybercrime are external threats organizations need to watch and prepare for, letting your guard down in the current threat landscape doesn't cut it for organizations who want to be cyber resilient. And just as we said in our article on Zero Trust security, you should trust no one. Even if you believe in your employees and team members, your biggest enemy might be sitting at the table right next to you.
What are insider threats?
**Insider threats** are security risks. Specifically, **the term refers to scenarios where anyone connected to the inner workings of an organization has authorized access to internal systems and networks, and misuses that access to willingly or unwillingly reveal, modify, or remove sensitive data**.
Insider threats are particularly dangerous because, as we can see from the report cited above, they're the main reason behind many data breaches. They can also go undetected for months or even years.
Why are they so hard to detect? Because when someone already has access to sensitive information, it's almost impossible to distinguish whether they're engaging with it in a malicious way or not. And if you have a tech-savvy employee working with that data, covering their tracks isn't hard for them to do.
There are different motivations behind an insider attack, and it can vary from the type of "insider" involved. It could be revenge, exacted by a disgruntled employee. It happens; a lot of people have left companies on bad terms, and might even wish them harm, but there are those who would actually act on it. It could be financial gain, because information is power. Having access to sensitive data like customer and employee information, financial data, even an organization's security practices can all be worth a lot to crackers. And we can't forget about cyber espionage: actors working for outside organizations and competitors can infiltrate your organization and carry out attacks to obtain classified information without you suspecting a thing.
There's one more motivation, and it's tied directly to human nature. It's accidental and unintentional, and when you're dealing with a range of humans from employees to third-party vendors, it might be the hardest one to prevent: a moment of carelessness, which can lead to a security breach.
The 5 types of insider threats
Regardless of motivation, insider threats are a huge risk to all organizations. But by examining different types of motivations, we can recognize different types of insider threats and situations.
1. Negligent employees
While it might be tempting to blame malicious insiders on your premises and finding ways to steal information, the most common insider threat...
View all episodes
By SecurityTrailsPeople, process, and technology are the pillars of cybersecurity. And while people are every organization's best asset, they are also its biggest weakness. Security technology continuously evolves to counter emerging security threats and new techniques, but there is one threat that can't be thwarted by merely employing new tools and processes. The biggest security threats of today are not the result of malicious attackers, advanced persistent threats, or malware. They come from within.
Let's also consider the current shift taking place in many organizations: working remotely is all the rage right now. And with more and more team members working from home, more devices are accessing your network, along with new technologies and tools being utilized to make at-home-offices function properly.
This blurs the lines between the personal and professional use of devices. We also have to deal with the cloud, malicious attackers at the ready, and the tectonic changes in so many companies' organizational structures. All of this points to a very real and potentially dangerous threat.
According to a recent study by Verizon, 57% of all data breaches were attributed to insider threats within an organization. While outside forces, malicious attackers, ransomware, DDoS and other types of cybercrime are external threats organizations need to watch and prepare for, letting your guard down in the current threat landscape doesn't cut it for organizations who want to be cyber resilient. And just as we said in our article on Zero Trust security, you should trust no one. Even if you believe in your employees and team members, your biggest enemy might be sitting at the table right next to you.
What are insider threats?
**Insider threats** are security risks. Specifically, **the term refers to scenarios where anyone connected to the inner workings of an organization has authorized access to internal systems and networks, and misuses that access to willingly or unwillingly reveal, modify, or remove sensitive data**.
Insider threats are particularly dangerous because, as we can see from the report cited above, they're the main reason behind many data breaches. They can also go undetected for months or even years.
Why are they so hard to detect? Because when someone already has access to sensitive information, it's almost impossible to distinguish whether they're engaging with it in a malicious way or not. And if you have a tech-savvy employee working with that data, covering their tracks isn't hard for them to do.
There are different motivations behind an insider attack, and it can vary from the type of "insider" involved. It could be revenge, exacted by a disgruntled employee. It happens; a lot of people have left companies on bad terms, and might even wish them harm, but there are those who would actually act on it. It could be financial gain, because information is power. Having access to sensitive data like customer and employee information, financial data, even an organization's security practices can all be worth a lot to crackers. And we can't forget about cyber espionage: actors working for outside organizations and competitors can infiltrate your organization and carry out attacks to obtain classified information without you suspecting a thing.
There's one more motivation, and it's tied directly to human nature. It's accidental and unintentional, and when you're dealing with a range of humans from employees to third-party vendors, it might be the hardest one to prevent: a moment of carelessness, which can lead to a security breach.
The 5 types of insider threats
Regardless of motivation, insider threats are a huge risk to all organizations. But by examining different types of motivations, we can recognize different types of insider threats and situations.
1. Negligent employees
While it might be tempting to blame malicious insiders on your premises and finding ways to steal information, the most common insider threat...