What are Insider Threats and How Do You Prevent Them?

Insider threats make up 43% of all data breaches. This is a very real problem for organizations in any industry. With global GDPR and new GDPR privacy laws in California and Colorado, it is imperative that companies know where their data resides. Fines under GDPR can be up to 4% of the company’s annual revenue. That is a huge setback for a business of any size. Why risk massive fines and lawsuits from insider data breaches that are easily preventable? To answer this, we’ll first dive into some common types of insider threats within an organization.

What is An Insider Threat?

An insider threat is a malicious threat to an organization that comes from people within the organization. This can include employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.

What are the two types of insider threats?

The two main types of insider threats are turncloaks and pawns. A turncloak is an insider who is maliciously stealing data. In most cases, it’s an employee or contractor. A pawn is just a normal employee who makes a mistake that leads to data loss or compromise.

Examples of Insider Threats

1. Tesla (June, 2018)

Most stories that make the news are about malicious actors within the company who leak information to further their own agenda. For example, in 2018 Tesla had an employee send highly sensitive documents to outside parties. It is suspected that these parties are in the oil and gas industries that don’t want Tesla to succeed. Headlines like this will make the news every single time they happen. However, the notion that insider threats consist only of malicious employees couldn’t be farther from the truth. Not every employee is out to get you. The much more common version of insider threat encompasses leaks that are unintentional.

2. Cisco (September, 2018)

Even though many data leaks are unintentional, there are still instances where employees maliciously cause a breach. For example, in 2018 a former Cisco employee pled guilty to intentionally accessing the company’s cloud infrastructure without authorization. The former employee admitted that he acted recklessly in deploying the code, and consciously disregarded the substantial risk to the company. The 2020 Insider Threat Report states that 63% of firms believe that privileged IT users are the biggest insider security risk.

3. Target (December, 2013)

One of the most famous insider threats in the last ten years is the Target Corp. breach of 2013. The cyberattack affected the records of 60 million customers. The breach was an externally instigated insider threat. The thieves had sophisticated knowledge and a clear understanding of the cardholder data flows. This information allowed them to pinpoint where to steal the specific data and exfiltrate it.

Unintentional Insider Threats

1. Employee mistakes

Imagine this: an employee accidentally emails a file to the wrong person. Sound familiar? We’ve all done it. There is absolutely no malicious intent in this situation, but the outcome is essentially the same. Now someone can access files they shouldn’t have access to. This is a far more common scenario of insider threat that is often overlooked when implementing a data protection policy.

2. Employee leaves the company with your data

Another common scenario is when an employee leaves the company and takes company data with them. Again, this can be malicious, but most of the time it is completely accidental. Typical scenarios occur in roles that feel very strong ownership of their data, such as salesmen with leads or programmers with code.

Oftentimes they will actually try to remove all company data from their machines but some files fall through the cracks. This poses a very large risk to the organization’s information security. 

67 percent of organizations surveyed couldn’t detect whether an employee who left the company was still accessing corporate resources. Don’t remain in the dark.

How to Prevent Insider Threats

To combat the insider threat, organizations can implement a proactive cybersecurity service such as SecureCircle in order to detect and identify threats, assess risk, and manage that risk - before an incident occurs.

  1. Adopt Zero Trust DLP that persistently secures data by default
  2. Monitor all user, device, application, network, and data events for suspicious activity
  3. Publish and follow an information security policy:
     a. Data use policy
     b. Privacy policy
     c. Event and audit log policy
     d. Device and network access policy including remote access
     e. Password policy
     f. Software use policy
  4. Define and follow Risk Assessment and Business Continuity processes
  5. Require security awareness training
  6. Test backup and incident response systems

How SecureCircle Prevents Insider Threats

SecureCircle can mitigate the risk of insider threats because we operate with the assumption of Zero-Trust. We assume data is at risk no matter where it resides, even on your network. All sensitive data is protected from creation and our encryption follows it anywhere it goes. You can only read an encrypted file if your device has gone through the one-time SecureCircle client installation. All interactions with a file are logged and you can analyze this data however you choose. 

If a malicious employee wants to send a protected file to a 3rd party, they can try all they want. The 3rd party will be unable to read the file because they don’t have the SecureCircle client. If the malicious employee releases the file from the Circle (decrypts it) and sends it, that information is logged and you can be alerted. The same goes for a benevolent employee who accidentally emails the wrong file to someone: the recipient won’t be able to open it. When an employee leaves the company, all you have to do to protect your data is remove the SecureCircle client from their device.

Insure your business against insider threats with SecureCircle.
