Don’t give insider threats a VIP pass to the sabotage show

Please note: This post was written by Highlander prior to their rebrand to FluidOne Business IT - Sheffield.

We are huge advocates of businesses taking every step they can to keep their data safe. After all, it’s one of your most valuable assets, and is crucial to preserving the longevity of your business. But while many organisations are already switched on to the risks that emerge outside of their business, another source of cyber risk is often overlooked – the threats posed by those inside your organisation.

The idea of an insider threats might seem like a sabotage story founded in fiction, but the risks are very real and can impact your business just as negatively as any of the well-known external attacks you might already be aware of.

An insider threat is exactly what it says on the tin. It’s when a security threat is created by individuals inside your organisation. These insiders are hidden amongst the people that you see every day and could be a significant risk to your business without you even knowing.

They could be your current employees, your former employees, contractors and even trusted associates such as third-party suppliers – essentially anyone with access to your data, personnel and systems.

It’s also important to understand that insider threat aren’t only a risk for large organisations. Small businesses and SMEs are just as susceptible. And with more than 34% of businesses around the globe being affected by insider threats each year, it might be a good time to take appropriate steps to reinforce your defences.

Any employee can be an insider threat, but why would someone inside your business want to compromise it? It’s an important question, but there’s another equally important one that comes first – was the threat intentional, or accidental? This is where the concept of insider threats gets more complex, as instigators can be categorised into two groups.

Malicious insider threats are individuals’ that are purposely looking to damage their organisation. These individuals are armed with knowledge of your business and have access to your data and applications which makes them particularly dangerous. Motivations can vary, but there are some common themes:

• An aggrieved employee could be unhappy following redundancy or dismissal.
• An enterprising individual may be looking to sell data or information to another party.
• Someone changing jobs might be looking to take files or contact data with them – think of a salesperson wanting to take their client list with them as they start a new position elsewhere.

Whatever the motivations, instances of employees purposely challenging the security of your data and intellectual property are far from unusual.

But not every insider threat is malicious. Sometimes, they are simply the result of employee negligence and inadvertent errors. This could be from simple slip-ups like sending an email to the wrong person, downloading new versions of corporate files on personal devices, or accidentally deleting a document. It could, however, be something more significant, like clicking on a malicious link from a spoof email. None of these are deliberate acts of destruction, but the end result is still the same.

Just like external cyber attacks, insider threats can have significant impacts. There are financial implications to consider, including additional costs for remediation, such as paying a ransom from a ransomware attack, or compensation as a result of a data breach. Insider threats are also difficult to identify, so plenty of time and resources can be spent trying to retrospectively investigate and attribute blame. There’s also the cost for the loss of critical data, or seeing confidential information fall into the hands of competitors or bad actors.

Away from finances, data breaches and cyber attacks that result from insider threats can also cause significant reputational damage, eroding trust with partners, customers and suppliers. There’s also the impact of lost productivity across the business should any internal systems be compromised for a sustained period of time.

There are a number of steps an organisation can take to reduce the likelihood of insider threats emerging, many of which can be actioned fairly seamlessly.

Firstly, employing a strict employee offboarding policy, where corporate devices are recovered and access to systems immediately revoked reduces the risks from former employees. Deploying appropriate access management can also help to prevent both malicious and inadvertent data exposure. These policies enforce strict controls over which users can access certain files and applications and can provide good insights into which users may or may not have accessed files at certain times.

There are also tools, such as Microsoft Purview, that can help you manage and reduce insider risk. Available as part of some existing M365 plans, Purview allows you to conduct an evaluation of potential insider risks across your business, and harness machine learning templates to identify new risks earlier and respond faster.

Effective user awareness training is also a valuable tool in tackling inadvertent insider threats. This training teaches employees how to detect a potential security breach and empowers users with the confidence to act as a first line of defence.

If you’re looking to reduce the risk of insider threats within your business, or want to learn more about the tactics discussed above? Get in touch with one of the team now.