There is a saying that goes thus, “A man’s enemies are those of his own household.” This reinforces what many are beginning to realize – insider threats are a bigger danger to enterprise security than external forces are.
Insider threats are negligent or malicious activities carried out by employees, contractors or associates in an organization. Insider threats are any cybersecurity hazard and vulnerability that arise either due to employees’ maliciousness or carelessness, whether that be someone falling for a phishing attempt or risking security by reusing generic passwords across different sites and applications.
A number of individuals affiliated with an enterprise can pose a threat; they include a negligent employee or contractor, a criminal or malicious insider or a credential thief. They can also emerge from ex-employees or third-party vendors with technical knowledge of an organization’s systems. Insider threats are every bit as scary as they sound and are rising. Therefore, it is extremely worrisome that these cybersecurity threats to organizations are under-addressed, especially when compared with external threats.
The financial implications for insider threats also need to be considered. According to a study conducted by the Ponemon Institute and sponsored by ObserveIT and IBM, the average global cost of insider threats rose by 31% in two years, from $8.76m in 2018 to $11.45m in 2020; the frequency of these incidents also spiked by 47% during the same period. Additionally, the study highlighted that organizations’ highest overall cost center is containment, at an average of $211,533 per company annually.
Insider threats are a significant hazard to enterprise cybersecurity and may play out in many different forms, some of which are discussed below.
1) Insiders with Malicious Intent
The traditional instance of insider threats is dishonest employees ready to sell out or betray their employers – these range from employees who have become disgruntled or unhappy because their needs have not been met to those who see an opportunity to gain financially by compromising the company’s security.
They could also be individuals placed in the company to get information or even have received payment from the criminals in exchange for data, files and trade secrets. These are extremely dangerous because there is no reason to suspect them. They might sell their login credentials online or take advantage of an innocent yet careless employee by getting their login information and hacking into their accounts.
2) Misconfigured Systems
Insider threats can often be much more serious than negligence or employee errors. Mistakes on the architecture and engineering side can expose vulnerabilities and leave enterprises open to cyber-attacks. Common examples include storing all organizational passwords on a single credential store or misconfiguring a cloud computing web server.
3) Phishing or Ransomware Scams
When employees aren’t given adequate cybersecurity training, they tend to fall victim to phishing and ransomware scams. Phishing remains prevalent because it works so well. In fact, 90% of information technology professionals revealed that they had experienced phishing attacks in a 2021 report. It is especially dangerous nowadays because hackers have become more educated.
Ransomware attacks are often considered insider threats because many get into enterprises through phishing scams or network vulnerabilities left open by poor security. For example, healthcare providers have become chronic targets, as they house lots of personal data yet sometimes employ less advanced security measures due to tight operating budgets.
4) Security Fatigue and Negligence
Security rules and guidelines might sometimes seem too burdensome and inconvenient. This causes employees to experience security fatigue – becoming exhausted with cybersecurity apps and policies and taking easier, albeit riskier, decisions regarding their cybersecurity. The primary example of this is password fatigue – using the same passwords with little or sometimes no variation on multiple online accounts is common across all industries.
Storing many complex and different passwords is frustrating to most employees, so they turn to the easier route. This is a serious form of employee negligence, as a leaked or stolen password could grant hackers easy access to the company network. This demonstrates how enterprises deploying security technology that fails to consider ease of use and convenience causes individuals to take the easier, less secure route, which is the opposite of what enterprises aim to achieve.
Whether by malice or by negligence, insider threats obviously cannot be solved by technology alone. Enterprises need to set up a threat management program that combines people, methods and technology to identify potential threats and prevent incidents within the organization. Only then can we hope to reduce the losses caused by insider threats.