Insider Threats – The Number One Security Risk

While it’s important to shore up your cyber security defences against hackers and cyber criminals, what about planning for and preventing an inside job? According to a recent survey of global corporate executives by Carnegie Mellon University’s CERT Insider Threat Center, insider threats were their number one security concern.

Who poses a risk?

Insider threats can come from ‘malicious insiders’ including former and current employees, contractors and sub-contractors, business partners and anyone else with access to your business network, IT systems and business critical data. CERT Insider Threat Center identified the following employees as posing the greatest threat to an organisation:

• Disgruntled employees motivated by revenge: typically someone who feels personally slighted, possibly due to a missed pay raise that was expected, or a negative encounter with supervisors over work, benefits, time off, demotions, transfers or other similar issues

• Profit-seeking employees motivated by money: by stealing information and selling the stolen data to organised criminals, or modifying the data to steal an identity, the employee stands to make money. The information is generally easy to access and steal for the employee, and they may rationalise the theft by telling themselves, ‘the company won’t even miss it’

• Departing employees motivated to gain a competitive advantage: if an employee is starting their own business or moving to work for a competitor they may be tempted to take with them company information and data that gives them a competitive advantage. This might include customer lists, business plans, and other examples of the organisation’s IP

• Employees who think they have rights to IP: these employees might think they own the code they wrote or product they developed because of their involvement in creating it. They don’t appreciate that it belongs to the company and taking it to use elsewhere infringes IP copyright

Human error and negligence can also be a factor when it comes to insider threats. For example an employee may not recognise a phishing email and click on a link or reply with confidential information. Raising awareness of cyber threats and providing training to all employees is a key way to prevent this type of insider threat. However in this instance, we’re focusing on malicious insiders and how businesses can mitigate against this particular threat.

How can you protect your business from malicious insiders?

We partner with Watchful Software to protect our clients’ data against exactly these kinds of threats. This security solution provides data-centric information protection against both accidental and malicious disclosure. How does it work?

Automated enforcement of corporate policies. Every time an email, document, spreadsheet or report is created it is automatically analysed for compliance against the company’s information control policy.

Data classification. If the information meets certain triggers it will be classified, marked and protected, including restricting access so only x individuals can use it.

Monitors and spots fraudulent access attempts: RightsWATCH (Watchful’s software solution) can also spot attempts from non-authorised users to access protected information data, and potentially identify malicious insiders.

Just as you can help prevent data breaches caused by negligence by raising awareness of the risks with your staff, you can also deter malicious insiders in the same way. When employees are aware that the company is monitoring networks and their usage, and that the organisation is taking a proactive approach to insider threats, they are less likely to attempt this kind of criminal activity.

For more information about RightsWATCH and to explore other cyber security measures to protect your organisation, contact the OryxAlign team on hello@oryxalign.com or +44 (0)207 605 7890.