Insider Threat - Insider Threat Definition & Examples
Data breaches are becoming more and more common but they are not necessarily the result of cybercriminals getting smarter and smarter. Instead, as cybersecurity gets better and better, cybercriminals are simply finding more creative ways of exploiting what continues to be the weakest link in almost all cybersecurity systems: the human element. Some of the biggest threats to data security often come from within rather than without. This doesn't necessarily mean that employees are purposefully setting out to sabotage their companies (although that happens as well) but rather that employees are often unaware of just how easily they can become the gateway to massive data breaches.
Common Types of Insider Threats
- Phishing Scams: It seems that no matter how many warnings the informational security community issues, people just go right on clicking on links and downloading attachments with abandon. In fact, a 2017 Data Breach Report conducted by Verizon found that targeted phishing and malicious attachments sent in email messages continue to be the most prevalent causes of data breaches. Considering that more than half (51%) of all data breaches investigated involved the installation and use of malicious software and that a whopping 66% of the malware linked to data breaches or other incidents (i.e. ransomware) was installed via malicious email attachments, then just eliminating the downloading of malware alone would stop more than half of all data breaches.
- Third Parties: Not everyone that has access to your data is an employee, but they are still insiders that can pose a threat to your company. In fact, one of the biggest data breaches of all time - the Target data breach - was accomplished via a compromised third party. While clearly, an international brand like Target would take the protection of financial data very seriously, a small heating and air conditioning contractor might not. In fact, they might have no idea they could even be used to access such a mother lode of information. Such was exactly the case with the Target breach. Because the contractor had access to Target's financial database for billing reasons, they provided the perfect minimum security portal through which to access millions of consumer financial records without ever being aware such a thing could happen.
- Disgruntled Employees: There is quite literally no end to the amount of harm a disgruntled employee can cause to a company. In some cases, they may even go right on sabotaging the company for years without anyone being the wiser. From data theft to selling passwords on the dark web to installing worms that slowly and methodically eat up all the company's hard drive space, disgruntled employees can do a great deal of damage all while hanging on to their jobs at the same time.
- Executives With Access: The damage that disgruntled employees can do to a company pales in comparison to what an executive with access can do. From embezzlement to the theft of trade secrets, high ranking executives can slowly siphon off large portions of a company's most valuable assets over the course of years or even decades. Even when executives themselves don't knowingly engage in theft or espionage, being careless with their credentials can be just as damaging. A low-level employee with a senior-level employee's credentials can wreak just as much havoc. While a junior-level employee may be able to put a serious dent in a company's assets over time, a senior-level employee can outright cripple an entire company.
- Disgruntled Former Employees: A current employee may be somewhat circumspect in the amount of harm they attempt to do to a company because they still have something to lose - their job. Former employees, however, quite literally have nothing to lose and that includes employees that are on their way out anyway. All-too-often businesses (particularly small businesses) can forget to revoke employee access to any number of systems ranging from company email systems to scheduling systems to even accounting systems. Employees don't even need to be disgruntled to wreak havoc either. In some cases, they may simply be moving to a competing firm that may offer them a cherry signing bonus for bringing a client or other proprietary information with them.
Ultimately, employees and executives need access even when that access may prove the largest threat to the company. The two best defenses against insider threats are education and compensation. Education can help prevent employees from being an unwitting insider threat and generous compensation may make employees less likely to bite the hand that feeds them, even as they are walking out the door on their way to another company.
Ready for the next step?
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.