The Inside Scoop: Types of Insider Threats in Cybersecurity

The types of insider threats in cybersecurity might surprise you. You might be inclined to think that the greatest risks posed to your organization are the result of malicious intentions, when in reality, exposure caused by the negligence of partners and/ or employees can be equally or even more damaging.

While no one wants to think that contacts close to them could be the perpetrators of cyber-crime, insider threats are an unfortunate reality for organizations that have any sort of valuable information or data, which, of course, includes most businesses.  That said, there are steps you can take to limit and protect against insider threats. Below we dive into the different types of insider threats in cybersecurity, as well as how to prevent and contain them.

Before we begin, it’s important to realize that insider threats are exceedingly common; more than half of organizations experienced an insider threat in the last year. To prevent and minimize the effects of these omnipresent risks, one must first understand what comprises an insider threat before implementing a layered cybersecurity posture that includes elements of behavior training, policies, and technology such as Managed Detection and Response.

What Is an Insider Threat?

Insider threats are risks that most organizations don’t like to talk about; after all, it’s a sensitive topic and can be an uncomfortable conversation. These threats can come from many different and unanticipated vulnerabilities. The threat may originate from within your organization or come from a third-party with access to sensitive data. Because human behavior is impulsive and our responses can be emotional, insider threats tend to be unpredictable in nature.

The Cyber and Infrastructure Security Agency (CISA) defines an insider threat as someone who uses their authorized access, wittingly or unwittingly, to harm the organization’s mission, resources, personnel, facilities, information, equipment, networks, or systems.

Insider threats can negatively affect business continuity and profitability, in addition to having consequences like data loss, IP theft, lost clients, and damage to the brand’s reputation.

Types of Insider Threats in Cybersecurity

Unintentional

One type of unintentional cyber-threat stems from negligent behavior, such as letting sensitive information, documents, and files remain accessible during non-work hours. Tools like data privacy training and clean desk policies can prevent this type of behavior. Though simple, a clean desk policy ensures employees clear their desks at the end of each day, removing all papers from view, securing confidential information, or shredding data when necessary.

Negligent employees can also become an insider threat when they don’t follow established cybersecurity protocols and procedures. For example, an employee might engage with shadow IT, which is the use of information technology systems, devices, software, applications, and services without explicit IT department approval. When these types of applications are used under the organization’s radar, there’s no way for the organization to track or protect against the risks that come with these unknown entities.

Insider threats can also be accidental, such as clicking on a phishing email that looks like it’s coming from a vendor or customer. They also can arise from complacency or human error, such as a code misconfiguration. One mindset is to only provide employees with the privileges or permissions they need to do their jobs to avoid the potential for unintentional loss of data. Also referred to as the least privilege principle, employees only have access to what they need to complete their daily tasks. To combat threats posed by accidental actions, we recommend social engineering awareness training, including phishing simulations that condition your team to recognize and evade email attacks.

Consistent social engineering training is the key to spotting a phishing email. Find out how to implement a successful employee security awareness program within your organization.

Intentional

Intentional insider threats are malicious in nature and include espionage, terrorism, IP theft, fraud, and more. Disgruntled workers may become bad actors by engaging in sabotage or seeking revenge against their former (or current) employer.

Third-party

Cybersecurity risk has expanded, and unfortunately supply chain and third-party software providers are not immune. Cyber-breaches can move up and down the supply chain and affect whomever you engage with to run your organization. Bad actors exploit software vulnerabilities, seeking access to your systems through third-party software you use to conduct business.

Vulnerabilities may also be the result of contractors not adhering to security policies (you might remember this incident with Okta, for example) in addition to consultants, advisors, and even sales reps, who can obtain and leak customer lists and pricing information to competitors. Third-party and supply chain vulnerabilities can be mitigated by a cybersecurity process that focuses on management strategies, risk assessments, network scanning, and testing.

Insider Threats in the News

Fintech giant Block, formerly known as Square, confirmed a data breach that affected more than eight million users. This breach involved a former employee who downloaded reports from Cash App that contained U.S. customer information.

A research scientist at Yahoo stole proprietary information about Yahoo’s AdLearn product minutes after receiving a job offer from The Trade Desk, a competitor. He downloaded approximately 570,000 pages of Yahoo’s intellectual property (IP) to his personal devices, knowing that the information could benefit him in his new job.

The city of Dallas suffered massive data loss stemming from employee negligence– in this case, video, photos, audio, case notes, and other files were deleted – slowing prosecutions and losing archived files which had been maintained for trial evidence.

Marriott Hotels and Resorts were hit with a data leak due to a compromised third-party vendor app, with almost 339 million hotel guests affected. Lost credentials included passport data, contact information, gender, birthdays, loyalty account details, and personal preferences. The breach resulted in a multi-million-dollar fine on Marriott for failing to comply with General Data Protection Regulation (GDPR) requirements.

How to Stay Ahead of Insider Threats

1. Nail the basics: implement policies and train your organization

Identifying insider threats and addressing potential risks starts with ongoing cybersecurity awareness training and education to ensure every employee knows how to detect risk. For learnings to stick, we recommend using dynamic training like phishing simulations, in addition to making content memorable end engaging.

Setting up and getting buy-in for policies are important steps in the prevention of insider threats in order to ensure everyone is on the same page when it comes to responsible technology usage, data privacy best practices, etc. It’s also imperative that employees know how to respond according to approved processes in the case a cyber event occurs.

2. Be proactive and know your weaknesses

We know that vulnerabilities exist despite our best efforts, so it’s essential to get an understanding of your baseline cybersecurity status and proactively test your networks and systems to address potential points of access before insider threats get to them first.

3. Get help from technology

These days, it’s vital to enlist the support of technology when human efforts simply can’t always cut it. Solutions like Managed Detection & Response actively monitor, detect, contain, and respond to mitigate the damages of an incident, 24/7. Using AI (artificial intelligence) and ML (machine learning), this type of continuous monitoring can remove the need for a SOC (Security Operations Center) and provide the end-to-end active protection organizations require to combat the risks of insider threats.

Regardless of the type of insider threat, in cybersecurity a multi-faceted approach is necessary. Through a combination of education, training, policies, assessment, and technology, you can protect your organization from insider threats and mitigate their business impact.

More Resources

• The Impact of Internal Threats on an Organization (blog)
• Protect Your Data with Data Privacy Awareness Training (blog)
• Not sure where to start with your cybersecurity program? See where you stand with a FREE cybersecurity risk assessment.