Insider Threat Indicators and Prevention Tips

We often think of cyber threats as coming from outside our company, or even from other countries — and that is often the case. However, there is another threat closer to home that many businesses ignore: threats from within their organizations. Known as insider threats, these can occur for many reasons. In today’s increasingly digital and data-driven world, it’s important to have these insider threat indicators on your radar and to take steps to improve your cyber security posture to reduce the threat.

What Is an Insider Threat?

An insider threat is one that comes from someone who works for your organization or has access to your network, such as a vendor, client or former employee.

Insider threats are responsible for an estimated one-third (33 percent) of all cyber attacks. This threat is growing rapidly, as much as 47 percent over the last couple of years, and recent cybersecurity surveys show that 66 percent of organizations consider insider attacks to be a more likely threat than external ones.

Intentional Threats

Employees who feel wronged can pose formidable threats. They might leak sensitive information, harass associates, sabotage equipment or even perpetrate violence. Some may steal proprietary data and intellectual property in the false hope of advancing their careers or for payment from an organization that could benefit from that information.

There are documented cases of foreign governments planting employees within companies to steal intellectual property.

Unintentional Threats

Unintentional insider threats happen by accident or due to negligence.

Accidental threats occur when an insider mistakenly causes an unintended risk to an organization. We all know that mistakes are made and cannot be completely prevented. For example, an insider mistypes an email address and accidentally sends a sensitive business document to a competitor, or they inadvertently click on a hyperlink in a phishing email, opening an attachment that contains a virus. Sometimes it’s because they haven’t properly disposed of sensitive documents.

Negligent, or careless, threats arise when staff do not follow security protocols, or when they misplace or lose a portable storage device containing sensitive information.

Other examples include staff who:

  • Won’t use Multi-Factor Authentication (MFA).
  • Allow someone to piggyback through a security point.
  • Ignore messages to install new updates and security patches.
  • Use insecure public Wi-Fi.

Opening Pandora’s Box (Non-Malicious Insider Threats)

Not all cyber threats caused by insiders are malicious. An employee can unintentionally or accidentally put your company at risk in several ways. The most common are:

  • Email errors: An email containing sensitive information is sent to the wrong recipient or is not appropriately secured.
  • Social engineering: Even seasoned professionals can take the bait in sophisticated phishing scams, especially if they haven’t been taught the risks of social engineering. They may fall for a request to help someone or some company they think they know. Other times, they ignore security protocols because they’re distracted, stressed, rushed or overwhelmed, or they just don’t take it seriously, and that’s a problem.
  • Bad credential handling: Poor credential hygiene (think username and password) is one of the fastest ways for a company to suffer a data breach. Employees may write down passwords on sticky notes or share administrator passwords to save time. In doing so, they are putting the security of their company’s data at high risk.

Malicious Insider Threats

Many malicious insider incidents result from an employee’s termination or layoff. Prevent terminated employees from taking data with them when they leave and ensure their accounts are promptly disabled to block their access.

Here are some factors that can turn employees into malicious threats:

  • Feeling unappreciated or under undue stress
  • Receiving a poor performance review
  • Having serious financial problems
  • Feeling angry about being passed over for a promotion
  • Feeling disgruntled by layoffs or terminations
  • Not getting along with coworkers or disagreeing with company policies

Of course, most employees won’t turn to insider attacks, so it’s important not to overreact. After all, an employer who treats employees like suspects and “threats waiting to happen” is likely to create more potential threats, not reduce them.

Malicious Insider Threat Indicators

Again, it must be said that the signs we’re about to mention don’t mean an employee is going to become a malicious threat. However, be on alert when an employee:

  • Starts working odd hours
  • Isolates themselves or otherwise acts suspiciously
  • Adds improper privileges to their user account
  • Downloads or accesses large amounts of data
  • Sends sensitive information to their private email accounts
  • Mishandles passwords
  • Installs unauthorized software and apps
  • Has been disciplined and seems disgruntled
  • Decides to leave your company

No matter the reason, when an employee leaves the company, it is critical to lock them out of your network as soon as possible.
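Several of the indicators above leave traces in audit logs and can be checked mechanically. The following is an added example, not part of the original article: it matches constructed audit events against those indicators and, in keeping with the caution above, queues a user for human review only when several distinct indicators coincide or when an account is used after its owner has left. The event field names, thresholds, software list and the `corp.example` domain are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values; tune them to your own environment.
WORK_HOURS = range(7, 19)                      # 07:00-18:59 local time
LARGE_BYTES = 1_000_000_000                    # 1 GB in a single transfer
CORP_DOMAIN = "corp.example"
APPROVED_SOFTWARE = {"office-suite", "vpn-client"}
DEPARTED = {"carol": datetime(2024, 3, 1)}     # user -> last working day

# Constructed sample events (not real logs); field names are hypothetical.
EVENTS = [
    {"ts": "2024-03-04T10:15:00", "user": "alice", "action": "file_download", "bytes": 2_000_000},
    {"ts": "2024-03-05T02:40:00", "user": "bob", "action": "file_download", "bytes": 6_500_000_000},
    {"ts": "2024-03-05T02:55:00", "user": "bob", "action": "email_sent", "to": "bob@mail.example", "sensitive": True},
    {"ts": "2024-03-05T03:05:00", "user": "bob", "action": "group_add", "actor": "bob", "group": "admins"},
    {"ts": "2024-03-06T09:00:00", "user": "carol", "action": "login"},
    {"ts": "2024-03-06T11:00:00", "user": "dave", "action": "software_install", "package": "sync-tool"},
]

def indicators(ev):
    """Return the set of listed indicators that a single event matches."""
    ts = datetime.fromisoformat(ev["ts"])
    hits = set()
    if ts.hour not in WORK_HOURS:
        hits.add("odd hours")
    if ev["action"] == "file_download" and ev.get("bytes", 0) >= LARGE_BYTES:
        hits.add("large data access")
    if (ev["action"] == "email_sent" and ev.get("sensitive")
            and not ev["to"].endswith("@" + CORP_DOMAIN)):
        hits.add("sensitive mail to non-corporate address")
    if ev["action"] == "group_add" and ev.get("actor") == ev["user"]:
        hits.add("self-granted privilege")
    if ev["action"] == "software_install" and ev["package"] not in APPROVED_SOFTWARE:
        hits.add("unauthorized software")
    if ev["user"] in DEPARTED and ts > DEPARTED[ev["user"]]:
        hits.add("activity after departure")   # account should already be disabled
    return hits

def review_queue(events, min_distinct=2):
    """Users with several distinct indicators, or any post-departure activity."""
    per_user = defaultdict(set)
    for ev in events:
        per_user[ev["user"]] |= indicators(ev)
    return {user: sorted(hits) for user, hits in per_user.items()
            if len(hits) >= min_distinct or "activity after departure" in hits}
```

On the sample data, a single unapproved install does not queue `dave`, while `carol`'s login after her last working day is queued on its own because it means an account was never disabled.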

Insider Threat Prevention Begins With Awareness

A key aspect of a strong security culture is cyber security awareness. Employees should be taught how to spot and stop security threats and know the best practices for their particular business. Benefits include:

  • Awareness of the most relevant security threats
  • Staff that’s engaged with, and takes responsibility for, security issues
  • Increased compliance with protective security measures
  • Employees who are more likely to think and act in a security-conscious manner
  • Reduced risk of insider incidents

The Importance of Cyber Security Culture

A company’s security culture is the attitude of the entire staff toward cyber security. Many factors make up your cyber security culture, including:

  • Corporate priorities
  • Knowledge garnered from cyber security education
  • The implementation of security best practices
  • Compliance with security policies and procedures
  • Maintaining security around data and systems

When employees understand the importance of these practices and the possible consequences of an incident, they are more likely to make smart choices when it comes to security. This strengthens your company’s defenses and safeguards your data.

Build a Strong Security Culture in Four Steps

  1. Start at the top. Lead by example. If the leadership team of the company takes security seriously, employees will, too.
  2. Prioritize digital security. Sounds simple, but reports show that the majority of businesses are failing at this. An IBM report stated that only nine percent of those surveyed cited digital security as the most important factor facing their business. Defense against cyber attacks was rated as the least important factor (18 percent) to their company’s success.
  3. Align IT goals with corporate priorities. Another survey of security professionals stated that one of the three biggest blockers to managing risk was not having the support they needed from leadership to grow a strong security culture: 10 percent said they had no support at all.
  4. Commit to raising security awareness. Seventy-five percent of survey respondents said they don’t spend much time (less than half their time) promoting security awareness. It’s also a fact that 60 percent of businesses don’t teach and monitor cyber security even though it is critical for reducing security incidents.

Need Help?

Intrust IT has been helping businesses with IT for decades. If you think you may have an insider threat or just want to shore up your cyber security, contact us or book a no-obligation meeting. We are ready to help.

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.
