
The State of Insider Threats as we end 2020

Cybersecurity is going through a massive transformation. The majority of CIOs and CISOs assume that cybersecurity threats emanate mostly from external sources and accordingly design their architecture to keep external threats from stealing organizations’ most valuable assets. However, according to McKinsey, more than 50% of the data breaches were caused by insiders. According to Gartner, “the trend in buyer interest in insider threats with buyer inquiries for insider threats in 2020 on pace to double the inquiries on the topic since 2018.” The recently discovered data breaches prove that insider threats have become a major concern for companies everywhere.

During the past year, some of the biggest and most expensive data breaches were caused by inside actors. The Tesla data theft case, which involved large amounts of highly sensitive data transferred to unknown third parties by a malicious insider, clearly illustrates the danger of insider threats. The case of SunTrust Bank suffering a data breach caused by an employee who stole the records of 1.5 million clients is also in recent memory.

Insider Threat risks will continue to grow as the workforce diversifies to include remote employees, outsourced contractors, part-time employees and vendors with access to systems. This trend, along with the new normal of nations engaging in cyber warfare to gain a competitive advantage, is resulting in more organizations than ever before focusing on and building Insider Threat mitigation programs.

The Rise of Insider Threats

In contrast with external threats, internal threats originate within the company and are often caused by a current or former employee, contractor, or business partner who has access to the organization’s network, systems, or data. Their motivations vary and include financial gain, sabotage, malice or even espionage. These incidents have to be handled differently from those caused by negligent insiders, as these individuals typically have legitimate access to information. Internal threats can take a wide range of forms, including mishandling or misusing company or customer information, removing sensitive information from the premises for unauthorized or unknown reasons, using unauthorized storage devices, and copying company or confidential data without approval.

Companies are increasingly adopting collaboration strategies that make information sharing easier than ever, including making workstream collaboration platforms such as Slack available to a broad spectrum of employees, contractors and vendors. Though this increases productivity and collaboration, it also brings new threat vectors and introduces inherent risks. The insider threat is very present with these tools, whether in the form of an employee accidentally sharing a customer database, intentional disclosure of trade secrets, or SSNs being shared to the public cloud.



The consequences of insider attacks are many. Beyond the lost value of the asset that was disclosed, removed or destroyed, businesses can suffer losses of revenue as well as of intrinsic value. These losses can also reverberate through operations, causing broad disruption and a dip in employee morale, and can force organizations to spend heavily on remediation. Liability costs include compliance fines depending on the regulation, breach notification costs, higher insurance costs and litigation costs. The business also suffers from reputation loss, though that aspect is difficult to quantify.

Insider Threats Mitigation

Insider threats can be challenging to combat, as humans are hugely complex, displaying a matrix of emotions and motivations behind their actions. However, it is possible to factor in these risks with the right planning and processes. Businesses should have appropriate detection and response data security controls, instead of simply trusting employees to keep sensitive data safe. Let’s look at the processes companies need to implement to reduce the risks related to internal attacks.

Cybersecurity mindset

Businesses investing heavily in cybersecurity often base their investments on technology, but don’t sufficiently attend to the human side of it — which remains the top cybersecurity risk for many organizations. Such a mindset ignores the fact that most of the cyber breaches result from employee actions and vulnerabilities inherent in various business processes.

Employees need to know what to do – and what not to do – when it comes to using email, the internet, and social media. “Security is everyone’s business” is a message that companies should reinforce frequently. Educating entire teams with little to no technical background can be difficult, but the importance and best practices of cybersecurity should be imparted to all employees.

Security policies

The security policies in most companies are static and do not account for the dynamic cybersecurity threats that emerge frequently. Security policies need to be constantly updated based on threat assessment, and employees need to be trained and retrained often. A security policy should include procedures to prevent and detect malicious activity, and should include an incident response policy, a third-party access policy, an account management policy and a password management policy as well. Creating an effective cybersecurity preparedness plan is a mix of implementing company-wide procedural policies, utilizing data protection and taking technical precautions to protect your data, and putting a reactive plan in place in case the worst does happen.

Cybersecurity tools

Implementing robust technical controls is also an important step in mitigating insider threats. Traditional security measures are focused on minimizing external threats, but these are usually not good enough to handle risk emanating from inside the organization. Specific tools to handle insider threats should be implemented in order to protect assets. For instance, solutions like encryption and Data Loss Prevention (DLP) can help organizations prevent data exfiltration by insiders.

Start with a Small and Focused Approach

Implementing an effective insider risk program requires a design tailored to the specific culture, processes, and risks of the organization. It’s important to start small and focus on a clearly defined high-risk employee sub-group to work through the organizational issues that need to be solved. With insider threats set to increase in 2020, organizations simply cannot afford to ignore the threat. Getting it right will deliver clear benefits, but delays could be fatal as earlier instances have shown. Take a proactive approach to managing insider risk as we end 2020 – start small, but start now.
