There are a great many movie plotlines that revolve around malicious insider actions that cause havoc in an organization. The 1993 film Jurassic Park is perhaps the most famous example: A disgruntled IT staffer cripples all internal systems and inadvertently lets the dinosaurs loose while he attempts to escape with stolen intellectual property (IP).
Several decades later, insider threats are more of a security concern than ever before. Examples of insider threats include IT negligence that leads to a breach, gullible employees who feel compelled to click on the links and attachments in phishing emails, and former employees looking to make money or otherwise harm the organization.
According to a recent report by Elevate Security, however, most employees are trustworthy and don’t engage in malicious activity—only 4 percent of internal users are responsible for 80 percent of phishing incidents. To minimize these threats, it’s important to understand where the biggest risks are and the best ways to address them.
This study of 168,000 users over a five-year period found that serial clickers can be fooled by phishing scams as much as twice in one month. They may be tricked into divulging their credentials, or they may accidentally download an attachment containing ransomware. These threats can wreak havoc on the broader organization and lead to significant long-term consequences.
Fortunately, the study also found that most people resist the temptation to fall into the scammers’ traps. Almost 80 percent of users never click on a phishing email, and 93 percent have never been involved in a malware incident, according to Elevate Security.
A largely under-the-radar area of insider trouble is neglect or sloppiness from within the IT department. The 2022 Ponemon Cost of Insider Threats report by Proofpoint calculated that insider threats cost organizations USD 15 million or more in 2021, up 34 percent from the previous year.
This is due to a variety of IT-related issues, including:
- Poor endpoint security
- Unsecured cloud systems
- Undeployed critical patches
- Backup failures or corruption
- Internet of Things (IoT) device insecurity
- Inadequate Bring Your Own Device (BYOD) policies
- Unsecured Wi-Fi networks
Proofpoint research also found that 56 percent of insider-related incidents are caused by negligent personnel, 26 percent boil down to criminal insider activity, and 18 percent involve credential theft due to poor security or weak password policies. This includes contractors and supply chain partners, who are often allowed access to corporate networks without being restricted to only essential systems.
Risks from former personnel
Former employees present significant threat potential, yet they often retain access to corporate systems or take valuable data with them when they leave the company.
Beyond Identity’s recent study found that 83 percent of former employees could still access some corporate accounts after their departure. They may be locked out of some systems, but many have access to one or more accounts unless HR and IT are very thorough in the offboarding process. The study also found that half of businesses have failed to implement automated processes that change user passwords when someone leaves. Surprisingly, only a third of organizations delete user accounts as part of the offboarding process.
Beyond Identity also discovered that around 25 percent of employees admit to having taken client information from a former employer. This includes lists of client names and contact information all the way up to entire customer relationship management (CRM) databases in extreme cases. About 24 percent of former employees have stolen some kind of financial information, and 56 percent have used continued digital access to impact a former employer.
Most employers are somewhat aware of these issues—75 percent believe they have been negatively impacted by a former employee breaching digital security. However, 60 percent believe their company to be digitally secure.
Guarding against insider threats
More policy enforcement is certainly needed to address the risk of insider threats. Both IT and HR need to improve their vigilance against the potential for harm coming from departing and former employees.
CIOs are cautioned to pay more attention to these insider threat issues as well. The issues require constant alertness and an adequate array of security tools, including endpoint protection, vulnerability scanning, and patch management.
Additionally, security awareness training must be used both to educate broadly and to identify those employees who present a significant vulnerability. IT should prioritize the ability to spot strange patterns or anomalous activity and work closely with HR to help employees change their habits.