Insider threat stealing code Insider threats have always been a significant possibility for many organizations, but in recent months we’ve seen a boom in incidents highlighting this particular risk. Insider threat prevention can be a difficult task to handle, as it generally encompasses viewing your own employees in a poor light and visualizing the negative impact they could cause.

It’s also unsettling to recognize that you will never be able to eliminate insider threats within cybersecurity, because there’s no way to keep data completely safe from the people you give it to. Insider threats know your weaknesses and are already past many of your defenses.

In the blog below we will define insider threats and what your organization can do to prevent both insider threat instances and the negative results that follow.

Insider Threats Defined

An insider threat is, as the phrase implies, a threat that comes from inside your organization. If you want to simplify it more, insider threats boil down to the risk of malicious or negligent human action.

According to the Department of Homeland Security, intentional insider threats include sabotage, theft, espionage, fraud, and competitive advantage. These are malicious in intent, but not necessarily any worse than unintended actions. These types of threats include human error or unintentional aiding and abetting, such as ignoring policy for convenience, clicking on phishing links, or losing credentials. Both malicious and unintentional actions have the capability to cripple an organization.

Who insider threats include:

• Current employees
• Former employees
• Business partners
• Any person with inside information or access

The Surge of Insider Threats

In recent months we’ve seen cybercriminals taking advantage of the global pandemic, increasing both the frequency and scope of their attacks on unprepared organizations.

Deputy assistant director of the FBI’s Cyber Division, Tonya Ugoretz, stated that the Internet Crime Complaint Center was receiving between 3,000 and 4,000 cybersecurity complaints each day. This is a notable increase from about 1,000 complaints that were received prior to the COVID pandemic. While we don’t have an exact number, it’s safe to assume that a large portion of these incidents is resulting from insider threats.

According to Verizon’s 2020 Data Breach Investigations Report, 30% of breaches were caused by insiders.

Lately, we can understand the increase in breaches by taking a closer look at our workforce. This is a difficult time that evokes a lot of emotions, which can cause people to act in new, unpredictable ways. As we discussed, insider threats can be intentional or negligent.

Current factors that can create intentional insider threats include how the company reacted to the COVID crisis. Perhaps a specific employee was laid off, suffered a pay reduction, or was forced to work in an environment they believed to be unsafe. All of these instances can trigger an emotional response that expresses itself in the form of sabotage. A financially motivated employee might resort to theft or espionage, either to make up for lost wages or just to take advantage of a situation.

Unintentional mistakes are even more likely because many employees would not have received the proper training to work remotely, and many companies reported difficulties managing user access and VPNs. The reality is that not many businesses were prepared to work remotely on the scale that COVID forced. Some workers may have even used unapproved software or device to simplify tasks that became more difficult from a home environment. In an environment where work policy is not clear, users may resort to personal practices that may not be the most secure. These include saving passwords online, not locking your device when leaving it unattended, or browsing the web on an unprotected network.