How to Spot an Insider Threat
Most businesses are aware of the threats that external hackers and other malicious actors pose. Thousands, if not millions, of dollars are spent annually by these businesses to safeguard their networks against unauthorized external access. However, most businesses do not invest as much effort or resources in guarding against insider threats. Insider threats pose as much danger and cause as much damage to businesses as external hackers do. The following statistics highlight the danger of insider threats to businesses:
- Sixty-eight percent of all network attacks that targeted healthcare organizations in 2016 were due to insider threats.
- In 2018, 53 percent of all businesses reported that they had been victims of insider threats within the previous 12 months.
- The total average cost for businesses impacted by insider threats is $8.76 million.
- The average time taken to contain an insider threat is 73 days.
TYPES OF INSIDER THREATS
There are two types of insider threats that businesses should be aware of when trying to secure their networks. Neglect of one or the other type of insider threat can leave a business vulnerable to an insider attack. The types of insider threats include:
- Malicious/deliberate insiders. These are individuals who willfully look for ways to sabotage a business by compromising their data.
- Accidental/unintentional insiders. These individuals unknowingly put the company at risk through negligence and other poor work practices.
EXAMPLES OF INSIDER THREATS
Some instances of businesses that became victims of insider threats for a variety of reasons include:
- Anthem: In 2017, the health insurance carrier BlueCross BlueShield sent out notices to about 18,000 of its Medicare customers that their data had been breached. LaunchPoint Ventures, Anthem’s Medicare insurance coordination services vendor, reported that one of its employees was discovered to have been stealing personal customer information, such as Medicare IDs, Social Security numbers, and health plan IDs.
- Target: Target Supermarket was the victim of a massive data breach in 2013. It reported that the personal information of about 110 million of its customers had been compromised; the compromised data included both personal and credit/debit card information. An employee of one of Target’s third-party vendors unintentionally facilitated this data breach by falling victim to a phishing email; hackers were then able to install the malware to access the protected data.
- Sage: In 2016, software firm Sage reported that a data breach had compromised the data of about 280 of its UK business customers. One of its employees used an internal login to access unauthorized data and was, therefore, able to compromise the network.
INSIDER THREAT RISK FACTORS
Given the damage that can be caused by insider threats, it is essential that potential vulnerabilities are promptly recognized and mitigated. Some factors that can put businesses at an increased risk of insider threats include:
- Unrestricted access: Employees whose access is not regulated or is poorly controlled often pose severe threats to an organization. Willful or unintentional data breaches caused by these individuals can often be devastating. Ideally, the principle of least privilege should be used when granting access; an employee should have only the minimum access necessary to fulfill job duties.
- Poor security practices: The use of poor security practices by employees, such as using weak passwords, reusing passwords, clicking on links from suspicious emails or leaving computers unlocked, can put businesses at risk of insider threats. Regular training should be done to educate users about the importance of good security practices.
- Bring Your Own Device (BYOD): Employees who use their personal devices to carry out work-related activities can put their businesses at risk. Personal devices may not be secured adequately and, as such, may themselves be at risk.
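The least-privilege point under "Unrestricted access" can be checked mechanically by comparing what each employee has been granted with what the role needs and with what was actually used. The following is an added example, not code from Orenda Security; the role names, permission strings, users and usage data are all constructed for illustration.

```python
# Added example: entitlement review against role baselines (all data constructed).
ROLE_BASELINE = {  # hypothetical minimum permission set per job role
    "billing_clerk": {"invoices:read", "invoices:write", "customers:read"},
    "support_agent": {"tickets:read", "tickets:write", "customers:read"},
}
GRANTS = {  # hypothetical current state: user -> (role, granted permissions)
    "alice": ("billing_clerk", {"invoices:read", "invoices:write", "customers:read"}),
    "bob": ("support_agent", {"tickets:read", "tickets:write", "customers:read",
                              "customers:export", "invoices:write"}),
    "carol": ("contractor", {"tickets:read"}),
}
USED = {  # hypothetical: permissions each user exercised in the review window
    "alice": {"invoices:read", "invoices:write"},
    "bob": {"tickets:read", "tickets:write", "customers:read", "customers:export"},
}


def audit(grants, baseline, used):
    """Return (user, issue, permissions) findings, ordered by user name."""
    findings = []
    for user in sorted(grants):
        role, granted = grants[user]
        if role not in baseline:
            # No defined baseline means no grant can be justified by job duties.
            findings.append((user, "no_baseline", sorted(granted)))
            continue
        excess = granted - baseline[role]
        if excess:
            # Access beyond what the role needs: candidate for revocation.
            findings.append((user, "excess", sorted(excess)))
        unused = (granted & baseline[role]) - used.get(user, set())
        if unused:
            # In-baseline but never exercised: the baseline may be too broad.
            findings.append((user, "unused", sorted(unused)))
    return findings


if __name__ == "__main__":
    for user, issue, perms in audit(GRANTS, ROLE_BASELINE, USED):
        print(f"{user:6} {issue:12} {', '.join(perms)}")
```

In practice the three inputs would come from the identity provider's role definitions, its current assignments, and access logs for the review period.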
At Orenda Security, we know all about the risks of both internal and external threats to business networks. We offer cloud security, penetration testing, and dynamic testing to protect your network.