Insider threat incidents have risen 44% over the past two years according to the 2022 Cost of Insider Threats: Global Report, with costs per incident up more than a third to $15.38 million.
More highlights from the 2022 report reveal that:
- The cost of credential theft to organizations increased 65% from $2.79 million in 2020 to $4.6 million at present.
- The time to contain an insider threat incident increased from 77 days to 85 days, leading organizations to spend the most on containment.
- Incidents that took more than 90 days to contain, cost organizations an average of $17.19 million on an annualized basis.
WHAT ARE INSIDER THREATS
Many companies focus so much on securing the perimeter but neglect to bring the focus to threats from within.
Insider threats can come from the following actors with legitimate access to the company’s network:
TYPES OF INSIDER THREATS AND ACTORS
INSIDER THREAT ACTORS
Malicious insider. This type of threat is usually someone who abuses legitimate credentials and uses them to steal information for financial or personal gain.
Accidental, non-conscious. These threats result from mistakes like clicking on a spam email and infecting a computer or maybe sharing more information than needed with unauthorized parties either verbally or online.
TYPES OF INSIDER THREATS
- Data theft or espionage. e.g. customer information, personal information, and intellectual property.
- Sabotage from the intentional misuse of your IT services and equipment aiming to hurt your business.
- Fraud, by modifying data for individual profit or for causing a huge financial penalty by authorities.
HOW TO PROTECT AGAINST AN INSIDER ATTACK
You have to take the necessary precautions to defend against insider threats. Such actions are also common to other cybersecurity initiatives and include the following:
- Identify and record where your information lives, especially the more sensitive ones.
- Determine who should have access to this information.
- Monitor access, transfer, and modification of this information.
- Build and maintain a “least privilege model” across your organization.
- Regularly review access controls of all accounts.
- Hold regular security awareness training and test the reflexes of your employees with unannounced tests like spam email campaigns.
Ongoing and collective efforts for data protection
Insider threats are difficult to detect and monitor. Data are continuously being created and modified within an organization. An effort to protect that data has to be ongoing and collective in order to be as effective as possible.
A proper culture also has to be formulated, which is unique for each company. You cannot simply copy-paste processes, procedures, and technologies from one environment to another and expect them to perform the same.
Insider threat protection strategy
Without an insider threat protection strategy in place, many companies will end up reacting to a breach instigated by a high-risk employee, instead of preventing one. In cybersecurity, it is crucial to be preventing an incident than react to it.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.