3 Most Common and Risky Insider Security Behaviors

Too many organizations today turn a blind eye toward malicious and negligent insider behavior that puts their organizations at higher risk of fraud and cyberattacks. Those insider blinders are costing them hugely. According to a survey out last month from Ponemon Institute, insider security threats are zapping enterprises an average of $8.76 million per incident. That’s nearly 2.5x what a typical breach costs organizations, meaning that when insiders cause a security incident, they’re usually far more damaging than the average attack.

A new report out this week from Dtex Systems brings into focus the kinds of security behaviors that are triggering these expensive incidents. According to Dtex, there are three main types of insider threats: malicious users, negligent users and infiltrators. Malicious users intentionally engage in risky behavior for either the purpose of harming the organization or out of laziness or apathy. Negligent users engage in harmful behavior out of ignorance, carelessness or just in error. And infiltrators are outsiders who manage to break into the organization via insider accounts.

Risky Behavior: Bad for Business

Based on thorough risk assessments done on a range of organizations of various sizes and in a number of industries, the study examined behaviors exhibited by all three types of insider threats. It took a look at the prevalence of some of the riskiest behaviors that employees, partners and contractors engage in today. The conclusion? Risky behaviors are a lot more common than those in denial might think. Here are three of the most prevalent behaviors that indicate an organization’s insider risk is high.

Seeking Security End-Arounds

One of the key indicators of malicious users is behavior meant to get around current security defenses. Approximately 60 percent of assessments found insiders actively attempting to bypass security measures by using private browsers or researching how to bypass security measures. 

Embracing High-Risk Apps

The use of high-risk applications can sometimes straddle the fence between maliciousness and negligence. The report showed that 72 percent of assessments found unauthorized use of high-risk applications. Many among them were the kind of hacking tools used to bypass security measures, including hacking tools. Others were sometimes unsanctioned applications downloaded by ignorant employees to use in their daily work. In both cases, these kinds of apps put organizations at risk of fraud from the insider themselves or by infiltrators who hide malware in pirated software and other one-off “tools” downloadable from the internet.

Playing Fast and Loose with Data

The double-edge sword of easily accessible cloud storage is how easily the convenience factor can be turned to expose sensitive data. The study reported that 78 percent of assessments found company data publicly accessible online. That’s a 14 percent increase over last year. Meantime, 90 percent of assessments found company data being transferred to unencrypted USB devices. Both statistics stand as huge indicators that organizations need to do a better job with data governance.

According to many experts, visibility is the first step toward getting a handle on these common and risky insider behaviors. According to SANS Institute, fewer than 40 percent of organizations today monitor employee behavior and less than 1 in 3 perform any kind of behavior analytics to detect insider incidents and attacks. This lack of insight into what employees and other insiders are doing is making it very difficult for organizations to detect insider incidents in a timely fashion. Ponemon Institute reports that only 16 percent of insider incidents were contained in fewer than 30 days.

“Business needs to get out of the cybersecurity denial phase it is stuck in,” says Richard Stiennon, chief research analyst for and a lecturer for Charles Stuart University. “To do this, it must accept that it needs more visibility into what’s going on in its environment.”

Sponsored Content
Upcoming Webinar
Not All Flaws Are Created Equal: The Difference Between a Flaw, a Vulnerability and an Exploit

Not All Flaws Are Created Equal: The Difference Between a Flaw, a Vulnerability and an Exploit

According to Gartner, the application layer contains 90% of all vulnerabilities. However, do security experts and developers know what’s happening underneath the application layer? Organizations are aware they cannot afford to let potential system flaws or weaknesses in applications be exploited, but knowing the distinctions between these weaknesses can make ... Read More
May 29, 2018

Ericka Chickowski

An award-winning freelance writer, Ericka Chickowski covers information technology and business innovation. Her perspectives on business and technology have appeared in dozens of trade and consumer magazines, including Entrepreneur, Consumers Digest, Channel Insider, CIO Insight, Dark Reading and InformationWeek. She's made it her specialty to explain in plain English how technology trends affect real people.

ericka-chickowski has 18 posts and counting.See all posts by ericka-chickowski