When considering cybersecurity measures, many business leaders forget about insider threats, malicious threats from within their organizations. While an effective cybersecurity strategy should evaluate external threats, it should also assess the likelihood of cyber threats from within.
Insider threats aren’t going away anytime soon. They’re on the rise, according to a new study from The Ponemon Institute, sponsored by ObserveIT and IBM. The number of insider-caused cybersecurity incidents has increased significantly by 47 percent since 2018, the study found.
Additionally, insider threats are costing businesses millions of dollars. The average annual cost of insider threats has jumped in the past two years — rising 31 percent to $11.45 million, the same report revealed.
Even though the numbers are alarming to many, you can avoid becoming a statistic by following some best practices.
What businesses can do to protect themselves from insider threats
With insider threats being commonplace in today’s ever-growing threat landscape, many companies are taking immediate action to protect their assets from these threat actors. Additionally, many of these businesses have failed to recognize how challenging combating insider threats can be when the proper systems and processes to monitor and assess potential risks aren’t in place.
Paying attention to who has access to what is of the utmost importance when you’re trying to do your best to mitigate threats from the inside. Take stock of all the privileged accounts within your organization. How many are there? Who has access to them? What can users access when logged into these accounts? If you don’t know the answers to these questions, find out immediately. Then, audit privileged access regularly to ensure you know who has access to sensitive data.
Another way to protect yourself from insider threats is to properly screen contractors and employees before giving them privileged access. Who are these individuals? Where did they come from? Perform background checks during personnel screenings to help with mitigating potential insider threats from the onset. Even if candidates pass background checks, monitoring their actions after they become employees is essential.
You can accomplish this by monitoring file activity. There are technologies available that can detect unusual file movements on your systems and networks. For example, designed to track end-user behavior, activity monitoring (UAM) tools can help businesses with stopping insider threats.
But not all insider threats are the same.
Types of insider threats
Some are accidental, while others are deliberate. This difference is what makes fighting insider threats so challenging — even if you’re a cybersecurity expert.
Unintentional insider threats occur when an employee or contractor with privileged access is negligent. For example, an employee leaves an unsecured device unattended, and it’s stolen. The thief now has access to your networks, and you may not even be aware of the threat until it’s too late.
On the other hand, a deliberate insider threat is when someone you gave privileged access to at some point, intentionally harms your organization. This threat is common among disgruntled employees.
Despite efforts by the cybersecurity community to curb insider attacks, the threat is growing. By being aware of how to mitigate insider threats, organizations can better protect themselves, their employees, and their stakeholders.