The dangers insider threats pose
Accidental insider threats can have huge consequences, both financially and in terms of a firm's reputation. The Ponemon Institute estimated that in 2020, incidents caused by negligence cost an average of $307,111 each. However, because they're so frequent, this adds up to a total cost of $4.58 million a year.
When it comes to deliberate actions rather than errors or negligence, a range of incidents can fall under the umbrella of insider threats, all of which have the potential to cause serious damage to your business. Although malicious threats account for only 14% of incidents, they cost an average of $756,000 each, so ensuring everyone is aware of what such incidents look like is vital.
These threats include:
- IP theft: Your intellectual property (IP) is often among your most valuable assets, and employees know this. Therefore, it can be tempting to steal this data to sell on the open market, or to take it with them when they leave. In 2020, for instance, it was revealed that one General Electric employee had downloaded thousands of proprietary files in an attempt to start his own company.
- Fraud: Theft or disruption of data for financial gain is another risk you need to be on the lookout for, such as users accessing and misusing financial details, changing account routing information or approving false payments. As much as 40% of fraud-related losses stem from insider threats, so it's vital you have processes in place to spot this activity.
- Sabotage: Disgruntled employees using their privileged access to destroy data or disrupt systems can be hugely harmful. For example, one case involving a Cisco employee deliberately deleting hundreds of virtual machines cut services to thousands of WebEx customers and cost the firm $1.4 million in damages.
- Espionage: This is sometimes similar to theft, but with the difference that the perpetrator is taking information with the express purpose of handing it to another organization, such as a competitor or even a government. These inside agents could be working for someone else from the start, or may be the target of bribery or blackmail.
3 steps to boost awareness of insider threats
Putting in place a training program to tackle these risks is paramount, and it should have two elements. The first is training employees on best practices to reduce the risk of accidental breaches; the second is ensuring users have the knowledge and confidence to report any suspicious activity they encounter. Within this, there are a few factors to take into account.
1. Understand the different options for training
Developing a comprehensive training program is no small task. Different people learn in different ways, so you need resources that work for everyone, not just a single lecture in which employees are talked at. Some people prefer a session with an instructor, while others would rather read material in their own time. Consider multimedia training, quizzes and articles to give people the widest range of options.
2. Encourage openness
Developing an environment where people can feel comfortable reporting any issues they encounter is vital. This ensures people aren't worried about potential punishments for genuine mistakes, or getting something wrong during training. Giving people a clear point of contact if they spot something suspicious can also help encourage them to report incidents and be confident it will be investigated fully.
3. Run simulations
Simulations are among the most effective parts of any cyber defense strategy, as they can show employees exactly what to look for and alert security teams to anyone who isn't following policies. These often involve phishing attempts, but other simulated insider attacks can also let you know if your defenses aren't spotting unauthorized access to databases or data exfiltration efforts, for example.