top of page
carriepbowers

Silent Saboteurs: Understanding and Combating Insider Threats

Updated: Dec 21, 2023

The security landscape has seen a notable increase in insider threats, contributing significantly to data breaches. The Ponemon Institute's research indicates a 14% increase in frequency and a 76% increase in the total average cost of insider threats between 2018 and 2022. These threats can arise from employee or contractor negligence, such as sending sensitive data to the wrong recipient, misconfiguring environments, or unsafe work practices. This type of negligence is often the most common cause of insider threat security incidents. Moreover, the expansion of attack surfaces due to hybrid office environments, public cloud usage, and supply chain risks have created new insider threat challenges. Unlike external threats, insider threats are challenging to detect because they come from individuals who already have legitimate access to the organization's systems and data. It takes an average of 85 days to detect and contain an insider threat incident, with only 12% of such incidents contained in fewer than 31 days, according to the 2022 Cost of Insider Threats Global Report by the Ponemon Institute.



Detecting & Preventing insider threats

1. Behavioral Analysis: Use tools to monitor and analyze employee behavior for patterns indicative of malicious activities.

2. Access Monitoring: Implement strict monitoring of access to sensitive data, and regularly review access logs.

3. Anomaly Detection: Utilize machine learning and AI to detect deviations from normal patterns of behavior or access.

4. Data Loss Prevention (DLP) Tools: Use DLP tools to help monitor and control data transfer, preventing unauthorized access or sharing of sensitive information.

5. Information Segregation: Divide critical information into different segments, limiting the impact of any single user.

6. Incident Response Plan: Develop and regularly update an incident response plan that includes protocols for insider threat scenarios.

7. Employee Training and Awareness: Provide regular training sessions on data security, recognizing phishing attempts, and safe internet practices to significantly reduce unintentional data leaks.

8. Whistleblower Programs: Encourage reporting of suspicious activities through secure and anonymous channels.

9. Background Checks: Conduct thorough background checks during the hiring process to screen for potential risks.

10. The Human Element: Provide support for employees going through stress or personal issues, as these can be factors in insider threats.



Cultivating A Security Mindset

1. Lay the Foundation: Security Awareness from Day One

Discuss the importance of introducing security protocols and expectations as part of the onboarding process.

2. Continuous Learning: The Role of Ongoing Security Training

Focus on the need for regular training sessions to keep employees updated on the latest security threats and practices.

3. Create a Culture of Security: Beyond the Tech

Explore how to foster a workplace culture that values and prioritizes cybersecurity in daily operations.

4. Empower Employees: The Power of Reporting and Vigilance

Discuss the importance of encouraging employees to report suspicious activities and the role they play in maintaining security.

5. Tailor Training: Customize Security Education for Different Roles

Address the need for role-specific security training that aligns with the unique access and responsibilities of different positions.

6. Utilize Technology: Tools and Systems for Enhancing Security Awareness

Look at how technology can support security training and awareness, such as through simulations or gamified learning experiences.

7. Assess Understanding: Evaluate Employee Security Knowledge

Discuss methods for assessing the effectiveness of security training and understanding among employees.

8. The Insider Threat: Educate Employees on Internal Security Risks

Focus on the importance of educating employees about the risks and signs of insider threats.

9. Offboarding & Security: Safeguard Data to the End

Discuss the procedures and importance of maintaining security protocols during the offboarding process.

10. Feedback & Improvement: Evolve Security Practices Through Employee Input Highlight the importance of gathering employee feedback to continuously improve security training and protocols.


Organizations should recognize that while technology is a critical component in protecting against insider threats, the human element is equally important. A holistic approach that combines technical controls, employee education, organizational culture, and effective governance is essential to mitigate the risk of data leaks from insider threats. The importance of addressing insider threats is underscored by the substantial potential for damage they represent, making it a critical area of focus in the broader field of security.

683 views0 comments

Recent Posts

See All

Comments


bottom of page