Insider Threats and How to Stop the Harm They Cause
This article is featured in the magazine, Preventing a Cyberattack: A Guide to Cyber Readiness. Download it now.
By Susan Hoffman, Contributor, In Public Safety
Insider threats account for nearly 75 percent of all security breach incidents, according to SecurityIntelligence, and remain one of the greatest challenges for organizations.
In today’s working environment, employees are constantly connected to office networks through smartphones, tablet computers, and laptops, which provide many opportunities for intrusion.
In some cases, employees may cause a security breach through a simple human error. For example, an employee may accidentally click on an email link that leads to a site with malware or download a seemingly innocent program containing a Trojan horse virus onto an office computer.
But there have also been cases when employees with a grievance deliberately inflicted damage on their employers’ computer systems. Often, these employees were unhappy with management, wanted to make a statement, actively worked for a competitor, or had recently been fired.
Ryan Francis of CSO Online notes that various businesses have lost from $5,000 to $3 million in cybersecurity incidents caused by company insiders. IBM Security has an online calculator for organizations to determine the potential cost of a data breach. This calculator determines risk factors by location, industry, and cost factors.
How Can Insider Threats Be Detected?
Tripwire points out that insider threats can go undetected for years because it’s hard to distinguish harmful action from regular work. Any company is vulnerable, especially if funds or valuable data are involved. The longer the breach goes undetected, the more damaging it becomes for the company.
But there are warning signs that an employee may become an insider threat, such as:
- Sour acceptance of a poor performance appraisal
- Disagreements with company policies, coworkers, or managers
- Unexplained financial gains or financial distress
- Changes in working hours without authorization
- Unusual overseas travel
- Imminent departure from the company
There are many reasons organizations must work diligently to address the insider threat. Apart from the potential loss of critical data and the expense of fixing its systems, an insider breach results in negative publicity for the company. Executives must explain to customers and news sources how the breach happened, what the company is doing to fix it, and try to reassure customers that the organization can be trusted with personal information.
The reality is that an organization can’t protect its network from every person or vulnerabilities from every device 24/7. Internal and external cybersecurity threats are constantly evolving, so regular education is a must for both IT security employees and everyone else within an organization. However, through enhanced education and constant security monitoring, an organization can reduce the risk of cybersecurity breaches from insiders.
About the Author: Susan Hoffman is an author and editor covering critical topics in cybersecurity, military history, careers, higher education, and more. Her expertise includes digital marketing, content marketing, cybersecurity journalism, SEO, blogging, and social media. Susan is a regular contributor to In Cyber Defense and has also written articles for In Homeland Security, In Military, Online Career Tips, and Online Learning Tips. Susan has a B.A. cum laude in English from James Madison University and is presently earning an undergraduate certificate in ecommerce from American Public University. To contact the author, please email IPSauthor@apus.edu. For more articles featuring insight from industry experts, subscribe to In Public Safety’s bi-monthly newsletter.