By Becky Metivier • August 1, 2017

Cybersecurity and the Insider Threat

The threat posed to corporate data from an inside attack is widely accepted. Today, study after study shows that insiders pose a significant cybersecurity threat, reporting statistics like:

To effectively protect against insider threats, organisations must first understand what the insider threat is. Let’s take a closer look.  

What is Insider Threat?

Basically anything inside your perimeter can be considered an insider threat. This includes:

  • Intentional abuse of access;
  • Misuse of privilege; and
  • Inadvertent compromise.

The insider threat is one of the most unsavory of threats because in many cases it involves the people we work with. It can be a breach of a trust relationship, which is hard to deal with.

Who is the Insider?

Insider does not necessarily mean employee. It’s anyone who has access to your internal network, including service providers and contractors. Snowden was a contractor. The HVAC vendor responsible for facilitating the Target breach by clicking on a link in a phishing email was considered an insider.

The most dangerous insiders are those who administer and manage infrastructure. According to Vormetric’s Insider Threat Report, 55% of respondents said privileged users posed the biggest internal threat to corporate data, followed by contractors and service providers (46%), and then business partners with internal access (43%).

Inadvertent vs. Malicious Threats

There are two types of insider threats. The first is the unwitting insider threat, or inadvertent actor. They are typically unaware and fall victim to common social engineering tactics, such as phishing, vendor spoofing, or pretexting. People are typically the weakest link in security because human nature makes us vulnerable.

The second type is the active insider threat, which is malicious in nature and is typically perpetrated by disgruntled, troubled, or just greedy insiders. Hackers are actively advertising for help from specific companies’ employees to join the dark side. Desperate people can do desperate things. Good people can do bad things. In fact, this survey showed that 20% of employees would sell their corporate credentials, 44% of whom would be willing to do it for less than $1,000, and some for as little as $100.

Why is it important to consider Insider Threats?

Remember that hackers are opportunistic. The path of least resistance is their preferred path. Why brute force a firewall when people (or their stolen credentials) can circumvent technical controls? Today’s hackers just need to be good social engineers. They can buy (or rent) the tools needed to do the hacking. 

In their 2015 study, IBM found that 60% of cyber-attacks came from insiders. In 2016, they decided to further refine that data by industry to see how they compared (see table below).  

[Image: attack sources by industry]

The data showed a definite difference by industry sector. The financial services and healthcare sectors had a higher rate of attacks being perpetrated by an insider when compared to the other sectors. According to the report, “the fact that the insider attacks targeting the financial services and healthcare were largely the result of inadvertent actors may be due to these industries having a greater susceptibility to phishing attacks.” Focusing on cybersecurity awareness for employees and building a cybersecurity culture could go a long way in reducing these numbers.

Regardless of industry though, it’s important to be aware of insider threats, so that you can protect your organisation against them. Check back in future posts to learn characteristics and indicators of insider threats, as well as strategies to deter, prevent, and detect them.