The Importance of Insider Threats

The recent IBM 2019 Cost of Data Breach survey found that the cost of a data breach had risen 12% over the past 5 years to $3.92 million on average. While 51% of the data breach attacks were attributed to malicious or criminal actors, a stunning 24% of the breaches were caused by negligent employees or contractors. The report also notesed that the 51% of the criminal actors included, “malware infections, criminal insiders, phishing/social engineering and SQL injection.”

The aforementioned statistics highlight the importance of the insider threat. Insider threat via a company’s own employees (and contractors and vendors) is one of the largest unsolved issues in cybersecurity. Insider threats were present in 50 percent of breaches reported in a recent study.

For the purposes of this discussion, let’s define insider threat as “the cyber risk posed to an organization due to the behavior of its employees.” Inside threats arise from two kinds of employees: those who are negligent and those with malicious intent. Malicious insiders are those who purposefully seek to benefit themselves at the organization’s expense or to harm the organization directly. They might steal valuable data, commit fraud for financial gain, publicly expose sensitive information to attract attention or sabotage IT systems in disgruntlement. On the other hand, negligent or error-prone insiders may not harm an organization intentionally but expose the organization to risk through their mistakes or carelessness.

“The most dangerous aspect of insider threats is the fact that the access and activities are coming from trusted systems, and thus will fly below the radar of many detection technologies,” wrote Kim Crawley in a recent blog.

Tim Erlin, VP of product management and strategy at Tripwire, agrees.

Internal breaches often can go undetected and are sometimes not reported (Read more...)