Email: info@fc-llc.org
by Freedom Consulting Posted on August 27, 2021
Insider threats can be some of the most challenging to identify and one of the costliest threats an organization has to rectify. Not only does an insider have access to your controlled areas, whether digital or physical, they know your inner workings. Whether you are a small business or a large, multi-billion-dollar corporation, an insider threat remains one of the most challenging threats to predict and identify.
According to CISA, “An insider threat is typically a current or former employee, third-party contractor, or business partner. In their present or former role, the person has or had access to an organization’s network systems, data, or premises, and uses their access (sometimes unwittingly).” (1) According to the 2020 Insider Threat Report by Cybersecurity Insiders, the types of insiders that pose the most considerable security risk to an organization are privileged IT users/admins, regular employees, contractors/service providers/ temporary workers, and privileged business users/ executives.
Insider threats are categorized in three different ways: malicious, careless, and imposter. A malicious insider is an employee that intentionally uses their access to acquire sensitive information. These people are most likely working for a competitor or seeking payback. A careless insider is an employee who unknowingly allows a threat to access or expose information to outsiders. An example of this is an employee clicking on a link in an email that turns out to be a phishing link. Finally, there are also the imposters. An imposter is someone that has created credentials to pass as an employee to gain access to your assets.
For example, in 2018, Tesla CEO Elon Musk sent an email to Tesla employees about an insider threat attack. Mr. Musk said that the insider had conducted “quite extensive and damaging sabotage” to Tesla’s operations, including changing code to an internal product and exporting data to outsiders. According to Mr. Musk, the attack was due to the employee not receiving the promotion they had wanted. While Mr. Musk did not reveal the dollar amount the damage caused Tesla, it was extensive and detrimental to the company.
In 2020, The Ponemon Institute conducted a study on the cost of insider threats. It found that companies from North America, on average, spent a whopping $13.3 million to rectify damages from insider threats. According to the same report, it took an average of 77 days to detect and contain an insider attack.
Identifying insider threats can be extremely difficult. One thing to look for is an employee living beyond their means. It would help if you also kept aware of disgruntled employees, both current and former. It is crucial to ensure your access control policies and procedures are up to date and correctly enforced. Part of your company’s policies and procedures must include strict out-processing protocols when an employee leaves or is terminated. These protocols will ensure their access to sensitive materials is immediately revoked. Having company training that enforces the mantra, “See something, say something,” will help promote a shared responsibility culture and help mitigate disasters an insider threat can impose.
While stopping an insider threat is difficult, it is not impossible. With the proper training, enforcement of policy and procedures, and companywide awareness training, you can help to reduce the chances of the threat. For more information or questions, please contact us at: https://www.fc-llc.org/contact-us/.
Sources:
(1) https://www.cisa.gov/insider-threat-mitigation
https://www.ekransystem.com/en/blog/insider-threat-statistics-facts-and-figures
© 2024 Freedom Consulting LLC. All rights reserved