Thwarting insider threats is one of the most difficult challenges for companies, organizations, and governments. In fact, CISOs and CIOs most often rank it, behind phishing, as one of the top cybersecurity challenges. According to PwC’s Audit Committee Update on Insider Threat, 44 percent of data breaches are attributable to insiders and 80 percent of attacks are committed during work hours on company-issued software.
Insider threats can impact a company’s operational capabilities, cause significant financial damage, and harm brand equity. The mean cost of a cybersecurity breach involving employees or others within an organization is $8.7 million, according to the Ponemon Institute report “2018 Cost of Insider Threats: Global”.
Some insider breaches are intentional and some are non-malicious, just the result of negligence. There have been a variety of recent malicious incidents in which employees stole hard drives of data, leaked information, and even inserted malware into networks. Often the goal has been to steal intellectual property or company secrets, or in some cases to commit sabotage. Inadvertent mistakes also pose an ongoing threat. A common example is sending an email attachment to the wrong person, which puts unprotected data at risk. When it comes to any type of security, humans are often the weakest link.
To understand vulnerabilities to insider threats, it is important to be able to define and categorize the types. The Information Security Forum (ISF) provides a solid framework for describing the types of insider breaches:
- Malicious: Malicious insider behavior combines a motive to harm with a decision to act inappropriately. An example is keeping sensitive proprietary information and turning it over to a competitor after being terminated.
- Negligent: Negligent behavior can occur when people look for ways to avoid policies they feel impede their work. While most have a general awareness of security risks and recognize the importance of compliance, their workarounds can be risky.
- Accidental: ISF members report that completely inadvertent breaches are more common than malicious ones.
All three insider breach categories are concerns because sensitive data is everywhere and easily accessible if dynamic policies and fine-grained data-in-use controls are not in place. The number and types of client devices using services have multiplied, and employees no longer operate only within corporate networks. Virtual teams are assembled, changed, and then disbanded after specific projects. When a mission or project ends, employees could still have information related to the project. Furthermore, perimeter-based defenses are no longer adequate, as enterprise boundaries dissolve with the growing use of mobility, cloud, and collaboration with external partners.