Did you know that the term insider threat encompasses more than just your typical thieving employee? An insider threat could be a business associate, a former employee or anyone else who has managed to gain inside access despite security measures.
In this article, we are going to examine the most common cyber threats found within organizations and investigate what you can do to minimize those risks and how to improve data security at the same time.
Insider Threat – What Is It?
As the name suggests, an “Insider Threat” is a security risk that comes from the inside. From the inside of an organization, to be more precise. And it’s usually a person. So this might be an employee or ex-employee or even a business partner. But it isn’t the fact that these people have access to sensitive data that makes them potentially dangerous. It is that no one thinks of them as potential risks in the first place. The risk they pose is simply overlooked.
Most companies focus their security concepts and measures on external attacks, such as hackers, but they fail to acknowledge the risk of internal perpetrators – with often dramatic consequences.
Insider Threat – A Real Risk?
According to Verizon’s Data Breach Investigations Report of 2019, 36% of data abuse cases are committed by insiders. Internal offenders are responsible for 34% of incidents in the public sector and no less than 54% of incidents in the health care sector. The latter figure is particularly alarming and illustrates an issue that is often picked up on by the media:
An incident that occurred in The Hague perfectly reflects the problem: in this case, hospital staff gained access to a prominent patient’s personal and confidential data, which led to the hospital being fined € 460,000 for violating the GDPR.
Who Is a Potential Insider Threat?
Individuals who may turn into potential insider threats usually have access to confidential business information. The data is then compromised due to reckless or negligent behavior. There are three types of internal perpetrators:
1. The Malicious Insider
A person with malicious intent who deliberately exploits access privileges to steal information. The Malicious Insider’s motivation is financial or personal gain. This could be an ex-employee with a grudge against his former boss, or it might be someone who simply wants to sell secret information to competitors. Insiders have an advantage over external attackers (e.g. hackers) because they are familiar with internal security policies and procedures and are aware of the company’s weaknesses.
2. The Mole
The Mole is a scammer who has somehow managed to gain access to a privileged network within the organization. It is an outside person, posing as an employee or partner, who has tricked the company into providing him/her with access to sensitive data.
The Mole’s intent from the start is to abuse privileges and to steal and/or sell data and/or use it for other malicious purposes.
3. The Careless Insider
Surprisingly, this is the most common type of insider threat: an innocent person – possibly your most loyal worker – who unintentionally jeopardizes the company’s safety by clicking on an unsafe link in a phishing email and thereby infecting the entire system with malware.
Preventing Insider Threats: 4 Common Scenarios
1. Data theft through remote access software
Scenario: In times of COVID, many companies are now allowing their staff to work from home via remote access. The problem: The risk of being caught stealing data is much lower when done remotely rather than physically at the office.
Tip: Tighten security controls for certain functions and system access. Review your system configurations and assess which settings can improve your management, reporting, and security. Solid file and file server privileges are just as important as maintaining protocol on operating systems and applications.
Attacks are likely to occur outside of business hours. It is therefore advisable to consider limiting the hours for when remote system access is permitted.
2. Partners and suppliers as potential threats
Scenario: Many organizations “stockpile” access privileges to essential systems and data and even pass them on to contractors, freelancers, clients, vendors and/or service providers. Although this might be convenient, it puts your sensitive data at serious risk.
Tip: Apply an access management strategy to limit the access rights of your partners according to the principle of least privilege (also known as the need-to-know principle). Larger enterprises should consider implementing identity and access management software. This will help prevent outsiders from getting privileges to access data they do not need to perform their job tasks.
Furthermore, you should regularly review third-party accounts to ensure that permissions are withdrawn once the associated work has been completed. Access management software such as tenfold will conduct these so-called user access reviews automatically.
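One way to script the third-party access review described above, as an added example that is not from the original article and not tenfold's code. The account records, permission strings and per-role baseline are constructed for illustration; in practice they would come from your directory or IAM export.

```python
from datetime import date

# Constructed sample export of third-party accounts (all names hypothetical).
ACCOUNTS = [
    {"user": "vendor-a.smith", "type": "vendor", "enabled": True,
     "contract_end": date(2024, 3, 31),
     "permissions": {"fileshare:projects:read"}},
    {"user": "freelancer-b.jones", "type": "freelancer", "enabled": True,
     "contract_end": date(2024, 12, 31),
     "permissions": {"fileshare:projects:read", "fileshare:projects:write",
                     "hr:payroll:read"}},
    {"user": "vendor-c.lee", "type": "vendor", "enabled": True,
     "contract_end": date(2024, 9, 30),
     "permissions": {"fileshare:projects:read"}},
    {"user": "client-d.kim", "type": "vendor", "enabled": False,
     "contract_end": date(2024, 1, 15),
     "permissions": {"fileshare:projects:read"}},
]

# Hypothetical least-privilege baseline: what each partner type needs for its job.
BASELINE = {
    "vendor": {"fileshare:projects:read"},
    "freelancer": {"fileshare:projects:read", "fileshare:projects:write"},
}

def review_access(accounts, baseline, today):
    """Return (user, action, detail) findings for a user access review."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already withdrawn, nothing to review
        # Work completed but the account is still active: withdraw access.
        if acct["contract_end"] < today:
            findings.append((acct["user"], "revoke",
                             f"contract ended {acct['contract_end']}"))
            continue
        # Permissions beyond the baseline violate least privilege.
        # An unknown partner type has an empty baseline, so everything is flagged.
        excess = acct["permissions"] - baseline.get(acct["type"], set())
        if excess:
            findings.append((acct["user"], "reduce", ", ".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for user, action, detail in review_access(ACCOUNTS, BASELINE, date(2024, 6, 1)):
        print(f"{user}: {action} ({detail})")
```
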