Insider Threat

Insider threat has been a long-standing concern amongst businesses, and there are important considerations from both an operational and a security perspective when managing, mitigating and responding to the risk appropriately.

This is not strictly limited to employees currently in the business, but also includes those who have previously left. Insider threat is defined as any type of threat, both accidental and intentional, caused by an individual or party from within the organisation. Nor is it limited to “malicious activity”; it also covers the weaknesses which attackers can exploit to gain access to data or systems on the network.

According to statistics published by Fortinet, the biggest perceived risks posed by insider threat stand at 71% for inadvertent data breaches, often caused by careless or accidental user interaction with data; 65% for negligence, caused by employees purposely ignoring company policy; and finally 60% for malicious data breaches. Note that these attacks are not always malicious, but instead point to a wider issue around training, awareness, security protocols and system administration.

The key targets here, for the majority of attackers, are finance at 41%, customer support and success services at 35%, closely followed by R&D at 33%. Attack types range from something as simple as an employee sending an email chain to the wrong recipient, all the way up to providing network or system access to an external party without authorisation.

It is important to recognise each risk, ideally as part of your business security risk register, and identify policy, process and physical countermeasures to reduce, mitigate or eliminate these individually. Reducing the attack surface of your organisation is part of a wider operational change, but with co-ordination, acceptance and a willingness to address these concerns, the right changes can be implemented with little impact on business function.