An insider threat is a threat to an organization that comes from negligent or malicious insiders, such as employees, former employees, contractors, third-party vendors, or business partners, who have inside knowledge of its cybersecurity practices, sensitive data, and computer systems. It is a type of cyber threat. The threat may involve fraud, theft of confidential or commercially valuable information, theft of intellectual property and trade secrets, sabotage of security measures, or misconfiguration that leads to data leaks.

A SANS report on advanced threats identified major gaps in insider threat defense, driven by the lack of a baseline for normal user behavior and by poor access control management of privileged accounts, which are attractive targets for brute force attacks and for social engineering attacks such as phishing.

Even the best security teams struggle to detect insider threats. Insiders, by definition, have legitimate access to the organization's information and assets, so it is hard to distinguish normal activity from malicious activity. Compounding this problem, insiders typically know where sensitive data is stored and may have a legitimate need to reach it, so role-based access control on its own is an insufficient control: the insider already holds the role that grants the access.

Breaches involving insiders are also costly. In the Ponemon Institute's 2019 Cost of a Data Breach Report, researchers observed that the average cost per record for a malicious or criminal attack was $166, versus $132 for system glitches and $133 for human errors. Read our full post on the cost of a data breach for more information. Pair this with the reported findings that insider threats account for 60 percent of cyber attacks (IBM) and nearly a third of data breaches (Verizon), and you see why developing an insider threat program is a valuable investment.
It's important to note that these numbers include increased reporting of internal errors as well as malicious intent. Either way, they show the need for security teams to develop insider threat detection methods that prevent sensitive information from being exposed by threat actors and negligent insiders alike.

What are the Different Types of Insider Threats?

There are many different types of insider threat that pose security risks:
How to Detect an Insider Threat

There are common behaviors that CISOs and their security teams should monitor and detect in order to stop active and potential insider threats. A good rule of thumb is that any activity that departs from a user's established baseline could indicate an insider threat. Likewise, if an employee appears dissatisfied or resentful, or shows unusual eagerness to take on tasks that require privileged access, that could indicate foul play.

Common Indicators of Insider Threats

The common indicators of insider threats can be split into digital and behavioral warning signs:

Digital Warning Signs
Behavioral Warning Signs
While human behavioral warnings can indicate potential issues, security information and event management (SIEM) or user behavior analytics (UBA/UEBA) tools are generally more efficient ways to detect insider threats, because they can analyze activity against a per-user baseline and alert security teams when suspicious or anomalous activity has been detected. Such tools are only as good as the baseline they learn: without a record of what normal access looks like for each user, there is nothing to compare a suspicious event against.

How to Prevent Insider Attacks

There are a number of things you can do to reduce the risk of insider threats:
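The baselining and anomaly detection that a SIEM or UEBA tool performs, as described above, can be shown in miniature. The following is an added example written for this article; it is not code from the original page or from UpGuard. The log format, the user names, the share paths and every log line are constructed for illustration. It builds a per-user baseline (hours of day seen, top-level shares touched, daily byte volume) from a "normal" window, then scores a later window for off-hours access, access to a share the user never touched before, and a daily volume spike.

```python
"""Per-user behavioural baseline and anomaly scoring over constructed access logs.

Added example for this article, not code from UpGuard or the original page.
Every log line below is constructed; the format is a hypothetical file-access log:
<ISO timestamp> <user> <action> <resource path> <bytes>
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed baseline window: two users over three working days.
BASELINE_LOG = """\
2024-03-04T09:12:33 alice READ /finance/q1-forecast.xlsx 24576
2024-03-04T10:45:01 alice READ /finance/ar-aging.xlsx 18321
2024-03-04T09:30:12 bob READ /eng/design-notes.md 4096
2024-03-04T16:02:44 bob READ /eng/api-spec.yaml 11020
2024-03-05T08:58:10 alice READ /finance/q1-forecast.xlsx 24576
2024-03-05T14:20:05 alice WRITE /finance/q1-forecast.xlsx 25104
2024-03-05T10:10:10 bob READ /eng/design-notes.md 4200
2024-03-06T09:05:00 alice READ /finance/budget.xlsx 31000
2024-03-06T11:15:00 bob READ /eng/runbook.md 8000
2024-03-06T17:40:00 bob WRITE /eng/runbook.md 8100
"""

# Constructed review window: alice pulls a large HR file at 02:14 from a share she
# never touched during the baseline; bob behaves as usual.
REVIEW_LOG = """\
2024-03-07T02:14:09 alice READ /hr/salaries.csv 52428800
2024-03-07T02:16:41 alice READ /hr/employee-directory.csv 2097152
2024-03-07T09:20:00 alice READ /finance/budget.xlsx 31000
2024-03-07T10:05:30 bob READ /eng/api-spec.yaml 11020
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (READ|WRITE|DELETE) (\S+) (\d+)$")


def parse(log):
    """Parse log text into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, action, path, size = m.groups()
        share = path.strip("/").split("/")[0]  # top-level share or directory
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "share": share, "bytes": int(size)})
    return events


def build_baseline(events):
    """Per-user baseline: hours of day seen, shares touched, daily byte volume stats."""
    hours, shares = defaultdict(set), defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        hours[e["user"]].add(e["ts"].hour)
        shares[e["user"]].add(e["share"])
        daily[e["user"]][e["ts"].date()] += e["bytes"]
    baseline = {}
    for user in hours:
        volumes = list(daily[user].values())
        baseline[user] = {"hours": hours[user], "shares": shares[user],
                          "vol_mean": mean(volumes), "vol_sd": pstdev(volumes)}
    return baseline


def score(events, baseline, hour_slack=1, sigma=3.0):
    """Return (user, reason, detail) alerts for events that deviate from the baseline.

    Alerts are leads for an analyst, not verdicts: a legitimate project change
    will also trigger NEW_SHARE, which is exactly the review a SIEM should prompt.
    """
    alerts = []
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        b = baseline.get(e["user"])
        if b is None:
            alerts.append((e["user"], "UNKNOWN_USER", e["ts"].isoformat()))
            continue
        hour = e["ts"].hour
        if not any(abs(hour - seen) <= hour_slack for seen in b["hours"]):
            alerts.append((e["user"], "OFF_HOURS", e["ts"].isoformat()))
        if e["share"] not in b["shares"]:
            alerts.append((e["user"], "NEW_SHARE", e["share"]))
        daily[e["user"]][e["ts"].date()] += e["bytes"]
    for user, days in daily.items():
        b = baseline[user]
        # max(sd, 1) keeps the threshold meaningful when the baseline has no spread.
        threshold = b["vol_mean"] + sigma * max(b["vol_sd"], 1)
        for day, total in days.items():
            if total > threshold:
                alerts.append((user, "VOLUME_SPIKE",
                               f"{day}: {total} bytes vs threshold {int(threshold)}"))
    return alerts


if __name__ == "__main__":
    for alert in score(parse(REVIEW_LOG), build_baseline(parse(BASELINE_LOG))):
        print(alert)
```

Run as a script it prints five alerts, all for alice: two OFF_HOURS, two NEW_SHARE, and one VOLUME_SPIKE for 2024-03-07, while bob's in-hours, in-baseline read produces nothing. A three-day baseline is far too short for production use; the point is the structure, namely that every alert is a comparison against something the tool has previously observed for that specific user, which is the baseline the SANS report found most organizations lack.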
Insider Threat Examples

There are a number of high-profile insider threat examples:
How UpGuard Can Help Detect Leaked Data and Exposed Credentials

For the assessment of your information security controls, UpGuard BreachSight can monitor your organization for 70+ security controls, providing a simple, easy-to-understand cyber security rating, and automatically detect leaked credentials and data exposures in S3 buckets, Rsync servers, GitHub repos, and more. This includes open ports and other services that are exposed to the public Internet. Our platform explicitly checks for nearly 200 services running across thousands of ports, and reports on any services we can't identify, as well as any open ports with no services detected. Get a 7-day free trial of the UpGuard platform today.