Date: 2023-06-15

The “2022 Cost of Insider Threats: Global Report” by the Ponemon Institute shows incidents have risen by 44 per cent in two years with an average of 85 days to contain them.

The 2020 edition shows 60 per cent of organisations had more than 30 incidents per year, 62 per cent of them attributed to negligence, 23 per cent to criminal insiders and 14 per cent to user credential theft. The number of cases shot up by 47 per cent in two years.

Insider threats—which encompass malicious, negligent and compromised users—originate from individuals within an organisation who possess authorised access to, and knowledge of, sensitive information, systems or facilities and use them to harm it.

These can be current or former employees, contractors or business partners. The different types include employees who intentionally cause harm by stealing data, sabotaging systems, engaging in fraud and so on.

Negligent insiders unknowingly or accidentally compromise security by, say, poor password practices, falling victim to phishing scams or mishandling sensitive data. Compromised insiders are employees whose credentials or access privileges have been compromised by external actors.

Understanding the motivation behind a threat can help organisations to identify potential risks and implement preventive measures. Motivations include financial gain, revenge, ideological beliefs, career advancement, coercion or blackmail and negligence. Activities include embezzlement, theft of funds or intellectual property theft, sabotage, data destruction and leaking sensitive information.

Preventive measures

Insider threats can have significant financial implications for organisations, with the costs varying based on the nature of the incident, the extent of the damage and the size and industry of the organisation.

Costs may include financial losses from theft of funds and manipulation of records, as well as data breach remediation: investigating the breach, notifying affected individuals, providing credit monitoring services, and paying legal fees and the costs of lawsuits.

Protection against these threats requires a comprehensive and multi-faceted approach. Preventive measures and security practices can significantly enhance the organisation’s security posture.

Effective safeguard strategies include fostering a positive work environment that prioritises security, for example through security awareness and training for employees on policies and procedures. Strictly control access to physical and virtual environments.

The principle of least privilege limits access to only the systems and data necessary for one’s role. Regularly review and revoke unnecessary access privileges to avert abuse and unauthorised access.

Conduct thorough background checks on employees, contractors and third-party vendors before granting them access to sensitive information or critical systems. Install strong authentication mechanisms, such as multi-factor authentication (MFA), for an extra layer of security, and require users to provide additional verification beyond passwords.

Robustly monitor systems such as network traffic, system logs and database access to track user activity and regularly review audit logs for anomalies. Data loss prevention (DLP) solutions allow monitoring and control of the transfer of sensitive data, as in email attachments, USB ports and cloud storage services.

Encourage reporting and whistleblowing through a safe and anonymous reporting mechanism, take the reports seriously and investigate them promptly. Regularly review and update security measures.

Establish thorough exit procedures for departing employees and extend security measures to third-party vendors and contractors with access to sensitive information or systems. Implement strong contractual agreements and conduct regular audits.

Insider threats pose a serious and increasing risk to organisations. They can cause significant harm to their security, reputation and overall well-being. But implementing these preventive measures and security practices can significantly reduce the risk of insider threats and enhance an organisation’s security posture.