This article is part 1 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise.

Insider cyber security threats are much more prevalent than most of us realize.

IBM estimates that 60% of all cyberattacks are perpetrated by those with insider access; McAfee cites enterprise insiders as a major source of PII (Personally Identifiable Information) sold on the dark web, particularly in the healthcare industry; and at least two-thirds of major corporations reported insider threat incidents in 2016 ranging from file theft and destruction to selling passwords and deliberately sabotaging critical systems.

Although it’s not the focus of this article, even government organizations face these threats, with over 40% reporting such incidents every year. It’s a serious yet incredibly overlooked risk.

Employees turn malicious for a variety of reasons.

Some are disgruntled and respond by acting out electronically against their coworkers and employers. Others have personal or financial problems outside of work that trickle into the workplace and manifest themselves in destructive behavior. This includes those who may be bribed or financially incentivized to sell credentials or other information. Others yet are simply thrill-seekers who might enjoy file theft or system sabotage. As research in cyber psychology shows, we’re likely to behave more recklessly online than we are in-person anyway.

There are many aspects to addressing and combating these insider threats. Much like anything in security, there is no “silver bullet” that will instantly and irreversibly absolve all risk. Instead, securing an enterprise against insider threats involves a comprehensive and multi-pronged approach, bringing together monitoring, active threat identification, training, a corporate security culture, and more – which will be addressed over the course of this series.

This first article will focus on monitoring cyber behavior (Read more...)