By Yuri Martsinovsky, CEO, SoftActivity
Many people think that all of the biggest security threats come from outside sources such as hackers. However, the truth is that one of the most damaging threats to a company comes from inside the company itself. These insider threats are also becoming increasingly common now with a majority of companies have dealt with an insider attack at least once.
For these reasons, many companies are starting to put more of a focus on preventing insider threats before they can inflict any damage. But what exactly is an insider threat and what makes them so dangerous?
A Threat from Within
The term “insider threat” is generally pretty self-explanatory. But an insider threat is any person already associated with an organization who then acts in a malicious manner to damage the organization. In most cases, this entails things like fraud and theft.
Although that is the broad definition, there are different kinds of insider threats that should be specified.
Not all insider threats act against their organization on purpose. Some of them are unwilling actors who are either tricked or coerced into acting maliciously. For example, perhaps an employee in a company that handles financial information is tricked into entering customers’ information into an online form, leaking the information to a hacker who will use it for nefarious purposes.
Some cases of insider attacks are also the result of state-sponsored attacks. In these cases, a government has either compelled a current member of the organization into acting maliciously or hired someone to infiltrate the company with the intention of stealing information or otherwise harming the organization. These kinds of insider threats are often very sophisticated and coordinated, making them especially dangerous.
A famous example of this happened in 2009 when a Boeing engineer named Dongfan “Greg” Chung stole trade secrets from Boeing and gave them to the Chinese government.
When an individual becomes an insider threat of their own accord, it is often an act of greed for they feel that they may benefit from it in some way, whether this be from selling sensitive information, committing fraud, or directly stealing from the organization.
Costs and Damages
Insider threats can be one of the costliest security breaches an organization could ever have to deal with. Not only can the damage control required after an insider attack be an expensive procedure but, depending on what the attacker was able to access, the attack itself could end up costing the organization a large amount of money.
The average total cost for a data breach in the US is $7.91 million and this amount is increasing with every year.
But money isn’t the only thing that an insider threat can cost an organization. Depending on what they end up gaining access to, they could steal valuable and sensitive information such as customer data, trade secrets, employee account information, and much more.
Moreover, if they do end up accessing customer data, such an attack could end up being a PR nightmare for the organization and hurt the trust that customers place in them. And this, of course, could lead to a loss in business which itself may end up costing the company a large amount of money.
On the Defense
Since there is so much at risk regarding insider threats, it should be no surprise that many companies are now focusing a lot of their efforts on preventing them from happening. These prevention methods include both early detection as well as prediction.
A few of the most common ways organizations attempt to prevent insider threats include using employee monitoring software to track employee behavior, employee awareness training programs, and a more extensive screening process for new hires.
However, no prevention measure is ever going to be 100% secure. Mistakes happen and humans are always the weakest part of any organization’s security, which makes insider threats all the more dangerous.
Unlike with outside security threats that largely depend on exploiting known security flaws in software, insider threats are much more unpredictable and can still happen even when an organization’s security is otherwise flawless. This makes them especially difficult to defend against and contributes to them being one of the biggest security threats.
About the Author
Yuri Martsinovsky is the CEO of the SoftActivity Company. He covers insider threats, computer monitoring, and other enterprise security topics. Yuri can be reached online at Twitter @SoftActivity and at company website https://www.softactivity.com/