The computer emergency response team (CERT) defines ‘Insider Threats‘ as:
The potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.
Intentional vs. Unintentional Threats
Insider threats can be both intentional and unintentional. They come in many forms, including through individuals or an organization’s assets, people, information and technology. It can be challenging to detect insider threats authorized to access your network.
Intentional/Malicious:
- Intentional or malicious insider threats can culminate in IT sabotage, fraud or intellectual property theft. According to a Biscom Survey, more than 1 in 4 respondents say they took data when leaving a company. Employees who take data on the way out often feel that it is data they created and belongs to them.
Unintentional/Non-Malicious:
- Unintentional or non-malicious insider threats can result in phishing/social engineering victims, accidental disclosure of data, improper disposal of data or lost/stolen portable data.
Preparing For Insider Threats
This enterprise-wide issue should be an essential focus for a comprehensive cybersecurity program. A survey conducted by Hitachi ID found that 65 percent of 100 IT and security executives said they or their employees had been approached to assist in aiding ransomware attacks. Preparing and watching for the signs of insider threats is crucial to cyber resiliency for companies.
Threats can manifest anywhere. Detection and prevention should occur enterprise-wide, including via HR, legal, and non-technical indicators. Along with automated behavioral tools, technical tools can help identify and mitigate insider threats, such as anomaly detection. Detection can also be as simple as observing behavioral-based anomaly detection (e.g., drug use, poor performance, absence, etc.).
Useful Resources
Your organization should have an insider risk/ threat program. Here are a few great resources available for creating a roadmap:
- The Intelligence and National Security Alliance (INSA), in partnership with DHS, FBI and ODNI, Insider Threat Program
- Cybersecurity & Infrastructure Security Agency (CISA) Insider Threat Mitigation
Additionally, the CERTÂ Division of the Software Engineering Institute (SEI) at Carnegie Mellon University developed an Open Source Insider Threat (OSIT) Information Sharing Group. This group is an excellent resource for cybersecurity leaders to learn more.
Other Helpful Links
• Insider Threat Center Website
• Insider Threat Center Email
• National Insider Threat Blog Series
Want To Learn More?
Your partners at Unison Risk Advisors are ready to help you put the proper protections in place and assist your organization in combatting the growing number of insider threats. Reach out to a trusted advisor to learn more.