An Executive’s Guide to Insider Threat
We’ve all heard the saying “people are your greatest asset”, and, depending on whether or not you agree or happen to think that those five words strung together are the most meaningless words in today’s corporate lexicon, there is one thing that's certain - people are also your organization’s biggest threat. In today’s information security world, cybersecurity professionals know all too well that human error is the weak link in any security program. While we can hone intrusion detection systems (IDS) and firewalls to respond to network traffic precisely how we need them to, the unique condition of our “greatest” asset is that they make mistakes. As such, whether these errors unintentional or deliberate, employees have one thing cyber adversaries want - access.
Knowing Your Insider (Threats)
When discussing insider threat, it is important to have a baseline of some of the common insider threat typologies. Typically, when people think of insider threat they cognitively refer to landmark cases such as the NSA leaks by Edward Snowden or, more recently, the troves of data stolen from Tesla by employee Martin Tripp. These cases illustrate that the danger from insider threat can be both catastrophic and aren’t unique to either the public or private sectors. The two cases also demonstrate the type of insiders most people associate insider threat with - the malicious insider. The malicious insider is one who knowingly and deliberately compromises assets or information as a result of their intention and access.
Equally important are the final two types of insider threat an organization can encounter the accidental and the negligent insider. To the former, accidental insiders are insider threats who, as the name would imply, accidentally expose organizational information or create a vulnerability for information to be stolen. A common example would be a user downloading a malicious file onto their computer as the result of a phishing scam. Although the threat actor launching the phishing attack is the primary actor, the unwitting (another term commonly used to describe accidental insiders) employee has facilitated an attack without deliberately intending to do so.
The negligent insider, while similar to an accidental insider, is a threat actor who exposes information as a result of not following company policies or best practices. Take, for instance, a company whose policy for its remote employees is that employees never connect to an open wifi network and for their laptop screen to be protected by a screen cover. The negligent employee proceeds to work from their favorite coffee shop (open network) without their screen cover. Potentially, this exposes the data in transit from the employee’s laptop on the network and also allows the employee to be target of shoulder surfing (a term used to describe one who attempts to gain on-screen information by looking over the user's shoulder). Although the employee still isn’t deliberately trying to harm the organization, by not following company policy, they are increasing the likelihood of having company data compromised.
In their 2018 Insider Threat Report Cybersecurity Insiders partnered with Crowd Research Partners to reveal some interesting statistics about the insider threat landscape:
- Of the survey’s 472 respondents 90% of them feel vulnerable to insider attacks with a 53% majority having confirmed insider attacks against their organization within the past 12 months
- Of the types of insider threats organization’s are most concerned about the majority of organizations are MORE concerned with accidental and negligent insiders
- The most common culprit of insider threat is accidental exposure by employees
- Two-thirds of organizations (66%) consider insider threats to be more likely than external attacks.
What often comes as a surprise to those new to the insider threat field is the very legitimate concern organizations have regarding accidental and negligent insiders and the frequency in which organizations placed at risk as a result of these threat actors. Depending on what type of organization you belong to, the type and value of data you house or transmit, and the threat landscape your organization faces are all variables in determining how your organization should address insider threat. Take these variables into account when determining where your organizational focus should be when it comes to mitigating insiders.
Insider threats, however, are one of many threat actors that can have a lasting impact on your organization. In a world where data is becoming increasingly difficult to protect and where the cyber threat landscape is continually growing, CyberVista is here to help.
Navigating Your Threats
CyberVista’s in-person or digital executive training programs are here to help you navigate the complex threat landscape your organization faces. Insider threat is one of many threat actors our program details. By the end of your training, you’ll have the cyber literacy skills built to know the types of threats your organization faces, what motivates them, and how best to address the risk brought on by your organization's unique threat landscape. Help your organization ensure that with proper training your greatest assets really are your employees.
Author’s Note: Some cybersecurity professionals would classify non-malicious insider threat’s as untrained users, devoiding non-malicious insider threats of a less nefarious title. If pursuing a cyber certification be sure to have a clear understanding of the difference of both insider threat and an untrained user.