How to Spot Insider Threats (And Stop Them Before It's Too Late)


Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Tuesday, October 18, 2022

Insider threats can have serious financial and reputational repercussions for your business. Here's what you can do to mitigate this risk.

Article 5 Minutes
How to Spot Insider Threats (And Stop Them Before It's Too Late)
  • Home
  • IT
  • Security
  • How to Spot Insider Threats (And Stop Them Before It's Too Late)

Businesses today need to be vigilant to cybersecurity threats coming from all quarters. That means not only monitoring risks from outside your organization, but also tackling those that originate within your own workforce.

Company insiders are responsible for more than one in five security incidents (22%), according to the Verizon 2021 Data Breach Investigations Report. Research has also shown that the frequency of incidents involving insider threats increased by 47% between 2018 and 2020.

Make sure you understand this risk and have a plan in place to stop it inflicting serious damage on your business, your customers, or both.

Understanding insider threats

It's crucial to operate from a position of awareness and understanding if your efforts to tackle insider threats are to deliver results.

These risks to your business often have their roots in three areas:

  • Malicious intent: Disgruntled or unscrupulous employees may launch targeted attacks against the company with the aim of stealing data or accessing systems for their own gain
  • Carelessness: Small errors or oversights - such as a member of staff clicking on a link that exposes your network to malware, or misplacing a piece of physical hardware containing sensitive information - can have severe consequences from a security perspective
  • Compromised users: Your business could come under threat if valid users' account details are compromised or acquired by a third party who’s then able to access your systems

Make sure you're tracking user activity and behavior within your organization to gain an idea of what types of insider threat pose the biggest danger to you.

Stay vigilant to insider threat indicators

It's crucial to be on the lookout for the most common warning signs that members of your workforce could - either consciously or inadvertently - represent a security risk.

1. Changes in performance or attitude

Disgruntled or dissatisfied employees can be a real danger to you if they decide to use their security credentials to hurt the business, benefit themselves, or both.

Someone who was rejected for a promotion or raise to which they felt entitled, for example, might decide to take matters into their own hands and steal valuable data with the aim of selling it to the highest bidder.

It's also possible that unhappy members of staff looking for jobs with rival businesses could attempt to access sensitive information to pass on to a competitor.

2. Sudden enthusiasm

As well as looking for signs of unhappiness or declining performance in the workplace, you should stay vigilant to sudden increases in enthusiasm or desire to take on more responsibility, especially in people who’ve previously seemed disengaged or shown poor performance.

This could be entirely innocent and may simply be a sign of an employee wanting to make a good impression. However, a conspicuous shift in attitude could also signal that someone is attempting to access sensitive data for their own illicit purposes.

Show caution and keep a close eye on workers who engage in behaviors such as:

  • Staying late with no clear explanation why
  • Working at unusual times
  • Showing an interest in tasks or systems that lie outside their normal responsibilities
  • Suddenly doing lots of work from home

3. Unusual user activity

Another big warning sign to look out for is unusual user activity across your network, especially if this can be traced back to individuals whose behavior has already raised red flags.

Events that could be a cause for concern include system logins from unusual locations or at unexpected times of the day, and people attempting to use applications or software to which they don't have access.

Large data downloads or transfers may also warrant further investigation by the cybersecurity specialists on your IT team.

4. Frequent overseas travel

At the most extreme end of the insider threat spectrum is corporate espionage, whereby businesses engage in spying, subterfuge and other underhand tactics to gain an advantage over their rivals. This might involve recruiting employees of other companies to steal information.

If you're a global corporation with competitors around the world, it's worth staying alert to sudden changes in your employees' travel habits, especially if people start making regular repeat trips to the same location.

Again, there could be an innocent explanation for this, but you should certainly be aware of the risks posed by corporate espionage.

Protect yourself against insider threats

When it comes to shielding your company from the potential consequences of insider attacks, one of the most important goals to focus on is the establishment of a strong security culture throughout the organization.

That will mean taking steps such as:

  • Offering consistent, dedicated training to help employees at all levels of seniority understand and spot the warning signs of insider threats
  • Ensuring that IT specialists, managers and executives set the right example by adhering to recommended practices and prioritizing security at all times
  • Recognizing and rewarding employees who help to keep the business safe by maintaining high standards

You should also be sure to take advantage of innovative tools and solutions to tackle insider threats. Automated behavior analytics software, for example, enables you to collect and examine data on user activities to quickly identify anomalies or suspicious events.

By combining training, education and awareness with the latest technologies, you can increase your protection against risks originating within your workforce and many other potential hazards.

Further reading:

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.


Join the conversation...