Insider Threat

Did you know that the term insider threat encompasses more than just your typical thieving employee? An inside threat could be a business associate, a former employee or anyone else who has managed to gain inside access despite security measures.

In this article, we are going to examine the most common cyber threats found within organizations and investigate what you can do to minimize those risks and how to improve data security at the same time.

Contents (show)

Insider Threat – What Is It?

As the name suggests, an “Insider Threat” is a security risk that comes from the inside. From the inside of an organization, to be more precise. And it’s usually a person. So this might be an employee or ex-employee or even a business partner. But it isn’t the fact that these people have access to sensitive data that makes them potentially dangerous. It’s is that no one thinks of them as potential risks in the first place. The risk they pose is simply overlooked.

Most companies focus their security concepts and measures on external attacks, such as hackers, but they fail to acknowledge the risk of internal perpetrators – with often dramatic consequences.

Insider Threat – A Real Risk?

According to Verizon’s Data Breach Investigations Report of 2019, 36% of data abuse cases are committed by insiders. Internal offenders are responsible for 34% of incidents in the public sector and no less than 54% of incidents in the health care sector. The latter figure is particularly alarming and illustrates an issue that is often picked up on by the media:

Many hospitals are still far from effectively implementing the measures for data protection as stipulated by the GDPR (General Data Protection Regulation).


An incident that occurred in The Hague perfectly reflects the problem: in this case, hospital staff gained access to a prominent patient‘s personal and confidential data, which led to the hospital to being fined € 460,000 for violating the GDPR.

Who Is a Potential Insider Threat?

Individuals who may turn into potential insider threats usually have access to confidential business information. The data is then obstructed due to reckless or negligent behavior. There are three types of internal perpetrators:

1. The Malicious Insider

A person with malicious intent who deliberately exploits access privileges to steal information. The Malicious Insider’s motivation is financial or personal gain. This could be an ex-employee with a grudge against his former boss, or it might be someone who simply wants to sell secret information to competitors. Insiders have an advantage over external attackers (e.g. hackers) because they are familiar with internal security policies and procedures and are aware of the company’s weaknesses.

Insider Threat

2. The Mole

The Mole is a scammer who has somehow managed to gain access to a privileged network within the organization. It is an outside person, posing as an employee or partner, who has tricked the company into providing him/her with access to sensitive data

The Mole’s intent from the start is to abuse privileges and to steal and/or sell data and/or use it for other malicious purposes.

3. The Careless Insider

Surprisingly, this is the most common type of insider threat: an innocent person – possibly your most loyal worker – who unintentionally jeopardizes the company’s safety by clicking on an unsafe link in a phishing email and thereby infecting the entire system with malware.

Preventing Inside Threats: 4 Common Scenarios

1. Data theft through remote access software

Scenario: In times of CoVid, many companies are now allowing their staff to work from home via remote access. The problem: The risk of being caught stealing data is much lower when done remotely rather than physically at the office.

Tip: Tighten security controls for certain functions and system access. Review your system configurations and assess which settings can improve your management, reporting, and security. Solid file and file serve privileges are equally as important as maintaining protocol on operating systems and applications.

Attacks are likely to occur outside of business hours. It is therefore advisable to consider limiting the hours for when remote system access is permitted.

2. Partners and suppliers as potential threats

Scenario: Many organizations “stockpile” access privileges to essential systems and data and even pass them on to contractors, freelancers, clients, vendors and/or service providers. Although this might be convenient, it puts your sensitive data at serious risk.

Tip: Apply an access management strategy to limit the access rights of your partners according to the principle of least privilege (also known as Need to know principle). Larger enterprises should consider implementing an identity and access management software. This will help prevent outsiders from getting privileges to access data they do not need to perform their job tasks.

Furthermore, you should regularly review third-party accounts to ensure that permissions are withdrawn once the associated work has been completed. An access management software such as tenfold will conduct these so-called user access reviews automatically.

While you’re here – why don’t you sign up for our webinar?

“Top 5 Access Management Risks” –
by Helmut Semmelmayer, tenfold Software

Register for free

Helmut Semmelmayer

While you’re here – why don’t you sign up for our webinar?

“Top 5 Access Management Risks” –
by Helmut Semmelmayer, tenfold Software

Register for free

3. Data Lost through e-mails and instant messaging apps

Scenario: An employee shares confidential information via email or an IM app, causing the information to fall into the wrong hands. 

Tip: One of the most effective measures to intercept confidential information leaving the network is to set up a network analyzer that filters key words, attachments, etc. Client-based or server-based content filters are able to intercept and block outgoing confidential information.

Another threat that comes through emails and messaging apps are phishing scams and other social engineering schemes. Ensure that your staff are sufficiently educated on the subject of IT security and invest in the appropriate trainings. This will help to further reduce the risk of your workers becoming insider threats due to ignorance or negligence.

4. Unsafe File Sharing

Scenario: While file sharing software such as Dropbox or Google Drive are very practical, they unfortunately also open the floodgates to data abuse. The tools themselves are not the issue here, but the way they are being used. One wrong configuration and your confidential data could easily fall into the wrong hands.

Tip: Steer clear of unsafe file-sharing services and instead opt for secure tools such as SharePoint Online, which allows you to stay in control at all times.

In addition to controlling who in the organization has access to files and folders located on shared resources (e.g. by setting share and/or NTFS permissions), you should also work with access-based enumeration.

[FREE WHITEPAPER] Best practices for access management in Microsoft® environments

Read our white paper to learn how best to treat access rights in Microsoft® environments.

Go to download

[FREE WHITEPAPER] Best Practices for Access Management in Microsoft® Environments

Read our white paper to learn how best to treat access rights in Microsoft® environments.

Go to download

Centralized Access Management to Reduce Insider Threat

Remember: Internal perpetrators can only compromise data they have access to. The best way to effectively mitigate the risk posed by insiders is therefore to implement a centralized access management concept.

Make sure you are in control over who has access to what information in your organization. Apply the principle of least privilege to reduce privileges to a minimum – and don’t forget to review them regularly.

Organizations of a certain size are well advised to find ways that automate processes involved in the management of access rights. For this purpose, tenfold has standardized such processes and uses a so-called profile system, which must be defined only once upon implementation. The software then assigns default rights to users automatically, based on user attributes such as department or job title. It does this for all connected systems (e.g. Active Directory®, SAP ERP®, etc.).

tenfold further compares existing privileges with the profiles you have set up and takes away any unnecessary privileges. If you would like to learn more about tenfold or witness the software in action, you can download our product info or request a free trial.