Explore our Free Resources for Families to Stay Safe Online

Insider Threats

in·​sid·​er | \ (ˌ)in-ˈsī-dər

Said simply, an insider threat is someone who misuses authorized access. Sometimes it’s malicious in an attempt to steal money or smear an employer. Other times it’s accidental or negligent, when someone unintentionally reveals sensitive information because of their access or influence.

Are insider threats really that big of a threat? Yes! Approximately 58% of security breaches are the result of insider threats. These kinds of threats are common because the attack is half completed before it even begins. How? An insider threat does not have to find a tricky way to guess passwords or slip through firewalls because they already have an account with access to the confidential information and resources.

Living Security believes insider threats are such a big deal that they built a team-based, virtual escape room to hunt down a rogue insider threat! Check it out…

Insider Threat Examples

The following are recent examples of insider threats and how their actions affected the companies:

  •  In 2016 a portion of Google’s self-driving car project’s blueprints, source code, and marketing information was stolen by one of their lead engineers who eventually gave the information to Uber.
  •  In 2019, a single insider with malicious intent stole 100 million customer’s accounts and credit card applications from Capital One’s Amazon Web Service databases. A former software engineer of AWS used her authorized knowledge of Capital One's systems to steal this information and ended up costing Capital One $150 million as well as damage to their reputation.
  • In January 2020 a security researcher found an exposed Microsoft database that was accessible over the internet. This server contained 250 million entries of personal information and was exposed as the result of a negligent insider who did not correctly protect the information.

As can be concluded from the above examples, insider threats are a danger to organizations confidential information and resources even if the threat is the result of a negligent employee. It is important to take the proper steps to limit the likelihood of your organization becoming the next victim to this kind of threat.

How to Mitigate Insider Threats

insider threats can be more difficult to detect and block than outsider threats. Authorized logins don’t raise the same flags compared to an outsider attempting to gain access to a company’s network. For this reason, insider threats are often not detected until the damage has already been done. It is vital to take a few key steps to mitigate insider threats:

  • Increase network visibility by enabling system wide logging. This will help to get to the source of an insider threat if an attack does happen and will also act as a deterrent since employees will know their actions are being logged.
  • Make sure to monitor accounts with access to confidential information and resources. These accounts need to be monitored closely because they are more likely to be the source of insider threats stealing information or disrupting systems due to the access their escalated privileges provide. This can also act as a deterrent for intentional insider threats because they will know the actions will be traced back to them.
  • Use a least privilege model with the accounts on your system. Using a least privilege model will ensure that employees only have access to the resources they need in order to do their job and nothing more. By limiting access, it will help mitigate the accidental and malicious insider threats.
  • Most importantly make sure to educate your employees on the IT policies put in place to ensure they correctly handle confidential information. As mentioned before, 64% of insider threats are due to negligent employees who did not realize their actions could result in a security breach. Through educating them on the importance of how they handle confidential information could be the difference between a productive day and a major security breach.

While it is not feasible to completely remove the threat from insiders, it can be greatly reduced by implementing these steps!