Insider threats make up 43% of all data breaches. This is a very real problem for organizations in any industry. With GDPR applying globally and new GDPR-style privacy laws in California and Colorado, it is imperative that companies know where their data resides. Fines under GDPR can be up to 4% of the company’s annual revenue. That is a huge setback for a business of any size. Why risk massive fines and lawsuits from insider data breaches that are easily preventable? To answer this, we’ll first dive into some common types of insider threats within an organization.
An insider threat is a malicious threat to an organization that comes from people within the organization. This can include employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.
The two main types of insider threats are turncloaks and pawns. A turncloak is an insider who is maliciously stealing data. In most cases, it’s an employee or contractor. A pawn is just a normal employee who makes a mistake that leads to data loss or compromise.
Most stories that make the news are about malicious actors within the company who leak information to further their own agenda. For example, in 2018 Tesla had an employee send highly sensitive documents to outside parties. It is suspected that these parties are in the oil and gas industries that don’t want Tesla to succeed. Headlines like this will make the news every single time they happen. However, the notion that insider threat is composed only of malicious employees couldn’t be further from the truth. Not every employee is out to get you. The much more common version of insider threat encompasses leaks that are unintentional.
Even though many data leaks are unintentional, there are still instances where employees maliciously cause a breach. For example, in 2018 a former Cisco employee pled guilty to intentionally accessing the company’s cloud infrastructure without authorization. The former employee admitted that he acted recklessly in deploying the code, and consciously disregarded the substantial risk to the company. The 2020 Insider Threat Report states that 63% of firms believe that privileged IT users are the biggest insider security risk.
One of the most famous insider threats in the last ten years is the Target Corp. breach of 2013. The cyberattack affected the records of 60 million customers. The breach was an externally instigated insider threat. The thieves had sophisticated knowledge and a clear understanding of the cardholder data flows. This information allowed them to pinpoint where to steal the specific data and exfiltrate it.
Imagine this: an employee accidentally emails a file to the wrong person. Sound familiar? We’ve all done it. There is absolutely no malicious intent in this situation, but the outcome is essentially the same. Now someone can access files they shouldn’t have access to. This is a far more common scenario of insider threat that is often overlooked when implementing a data protection policy.
Another common scenario is an employee leaving the company and taking company data with them. Again, this can be malicious, but most of the time it is completely accidental. It typically happens in roles where people feel very strong ownership of their data, such as salesmen with leads or programmers with code.
Oftentimes they will actually try to remove all company data from their machines but some files fall through the cracks. This poses a very large risk to the organization’s information security.
67 percent of organizations surveyed couldn’t detect whether an employee who left the company was still accessing corporate resources. Don’t remain in the dark.
To combat the insider threat, organizations can implement a proactive cybersecurity service such as SecureCircle in order to detect and identify threats, assess risk, and manage that risk - before an incident occurs.
SecureCircle can mitigate the risk of insider threats because we operate with the assumption of Zero-Trust. We assume data is at risk no matter where it resides, even on your network. All sensitive data is protected from creation and our encryption follows it anywhere it goes. You can only read an encrypted file if your device has gone through the one-time SecureCircle client installation. All interactions with a file are logged and you can analyze this data however you choose.
If a malicious employee wants to send a protected file to a third party, they can try all they want. The third party will be unable to read the file because they don’t have the SecureCircle client. If the malicious employee releases the file from the Circle (decrypts it) and sends it, that information is logged and you can be alerted. The same goes for a benevolent employee who accidentally emails the wrong file to someone: the recipient won’t be able to open it. When an employee leaves the company, all you have to do to protect your data is remove the SecureCircle client from their device.
Insure your business against insider threats with SecureCircle.
Sources:
1. https://www.absolute.com/en/solutions/insider-threat
2. https://www.businessinsider.com/tesla-employee-engaged-in-sabotage-against-the-company-report-2018-6