You get the call: There’s been a security breach. You round up the usual suspects, like ransomware, denial of service, or another cybercrime. Once you’ve found the cause, it’s time to find the culprit, and it dawns on you: The breach came from inside! It’s none other than an insider threat, one of the most insidious cyber threats out there.
Despite their difficult nature and unpredictability, insider threats can be thwarted with some clever moves. In this blog, we explore strategies for dealing with insider threats.
What is an insider threat?
You might think of an insider threat like a double agent, the trusted employees, contractors, and business partners who know where the skeletons are buried. And while that may be true in some cases, most of the time, insider threats come from employees who by accident open the organization up to cybercrime. They might click on a fraudulent link, accidentally leak data, or fall for a phishing scam, for example. Whichever avenue an insider threat takes, they’re the ones who can make your cybersecurity team lose sleep at night.
Why is it important to protect against insider threats?
Insider breaches have had big-time costs for organizations of all sizes. According to one report, insider threats that result in breaches cost organizations an average of $16.2 million, a 40% increase from four years ago. That cost is inclusive of spent resources, wasted employee time, lost opportunity costs, and potential profit losses.
There are also less tangible but still vital reasons to protect against inside jobs. These include preventing against the loss of sensitive data, reputational damage, disruption of business operations, and legal and regulatory consequences.
How can an insider breach accidentally happen?
Here’s a scary thought: Nearly anyone in an organization has the potential to pose an insider threat. That’s because anyone who has access to personnel, facilities, information, data, or equipment and systems can potentially cause a breach, whether intentionally or not.
The following are some scenarios in which an organization can fall victim to an unintentional insider threat:
- A healthcare professional received an email from an unknown sender and opened the email — in doing so, was a victim of phishing.
- On a business trip, an employee uses a hotel’s open Wi-Fi network that falls victim to a cyber heist, leaving company information up for grabs.
- An employee is working at a coffee shop and leaves their computer unattended without logging out. That trip to pick up a scone or a fresh cup of coffee could leave their device open to prying eyes.
- A healthcare professional has a hospital system open but gets pulled away for an emergency, leaving sensitive patient information visible to unauthorized individuals —and, possibly, shady characters who could use that information.
The list goes on and on of possibilities when it comes to employees accidentally leaving themselves vulnerable to attack. That’s why it’s important to make your clients and their employees aware of the dangers that await if they leave themselves unprotected.
What are some examples of intentional insider threats?
There are notable times when someone on the inside has intentionally made things sticky for their organizations—with potentially scary ramifications. Just as the COVID-19 pandemic began, a disgruntled former employee at a medical packing company used admin access to set up a fake new user account, then altered thousands of files to delay or stop shipments of personal protective equipment. And Canada’s largest credit union, Desjardins, saw a malicious insider unlawfully copy customer data, costing them $108 million to mitigate the breach.
Through these examples of ne’er-do-well-ers who sought to cause harm, it’s actually more common for this sort of thing to happen by accident. One report found that 55% of insider security incidents resulted from careless or negligent employees. So, whether someone’s fingers slip on their mouse or purposefully pushes the organization over the edge, the damage can be substantial, either way.
How can I protect my business and clients from insider threats?
There are a number of strategies managed service providers (MSPs) and the organizations they serve can utilize to detect, contain, and prevent these insidious insider threats before it’s too late.
- Conduct security awareness training (SAT): Conduct security awareness training to teach employees best security practices, such as password hygiene, taking care with sensitive data, and recognizing phishing scams. This can help reduce the threat of breaches due to ignorance or negligence. If they can’t provide this training on their own, conduct it for them. Learn how to implement proper security awareness training for clients with Pax8 Academy or connect with your channel account manager to discuss which vendors provide SAT like IRONSCALES and Breach Secure Now.
- Implement identity and access management (IAM): This concept ensures users and devices have access to the right data at the right time. To thwart bad actors from inside the organization, limit the permissions of any departing employees immediately.
- Utilize user behavior analytics: Apply advanced data analytics and artificial intelligence (AI) to discover baseline user behaviors — so that it’s easier to detect if anything fishy is going on.
- Use offensive security: Don’t be afraid to be offensive when it comes to your security practices. Offensive security, or OffSec, involves using “ethical hacking” to detect and fix any IT system flaws, security risks, and vulnerabilities. Running phishing simulations or red teaming can help strengthen insider threat programs. It’s like having a double-double agent!
How we can help
Pax8 is like your cybersecurity 911 for insider threats. From Academy courses on the nitty gritty of cybersecurity to solutions to white-labeled resources to help guide conversations with your clients, we’ve got you covered. Start exploring the Pax8 Marketplace and our resources to see how to protect yourself and your clients from insider threats.
