Insider threats: what is behind the employee-led cybersecurity disaster

When it comes to cybersecurity, the rhetoric for organisations has, for a long time, centred on protection from all the external threats that might be looking to crack your systems and harvest your all-important critical data. However, as companies grow beyond borders, employ a multitude of contractors and third-party suppliers, and hire/let go of swathes of employees, the potential capacity of insiders to cause havoc grows quite rapidly. Turning a blind eye to the growing insider threat can be a recipe for disaster, as attackers within the perimeter will find it easier than anyone to move laterally within the network, potentially leading to huge losses of personal and critical business data.

While the notion of the insider threat has been around for a while now, the issue is becoming increasingly top-of-mind for the enterprise. In recent times, the volume and frequency of security breaches caused by disgruntled, careless, or negligent employees have risen significantly. According to a recent study from Bitglass, more than two thirds (73%) of surveyed respondents expressed their belief that insider attacks had become more frequent over the past year. IBM's 2018 X-Force Threat Intelligence Index backs up these findings, recording that around 60% of cyberattacks are caused by insider threats. Meanwhile, the Ponemon Institute estimates that the average cost of insider cyber-attacks equated to about USD $8.76 million in 2017, compared to the $3.86 million average price tag of all types of data breaches in the same year.

We are seeing these statistics manifest in large, high-profile security breaches occurring at some of the world's most prolific companies. An example can be found at Tesla, which recently was subject to 'sabotage' by a rogue employee who broke into the company's manufacturing operating system and sent highly sensitive data to unknown third parties. In addition, a former Goodwill employee stole $93,000 from the charity by faking payroll records, and an Apple employee was charged with stealing trade secrets after allegedly planning to sell the company's secret data regarding self-driving cars. Other cases are less malicious on the employee side, though, involving things like clicking on phishing links or reckless, non-intentional activity that leads to major gaffes. This was evident, for example, when an employee of Australian grocery chain Woolworths accidentally emailed out $1 million in gift cards to customers, along with customer data including names and email addresses.

These are just some examples that highlight the importance of employee-based cyber breaches. With this in mind, and as things like nation-state and DDoS attacks continue to dominate the headlines, it's important to take stock of what is easily the most prolific cause of cyber-attacks today: the human element.

Types of insider threats

Generally, it's possible to broadly identify two main groups of insider threats. AT&T outline both types of insider in their "Decoding the Adversary" report, defining them as either 'malicious insiders' or 'unintentional insiders'. These insiders can either be internal employees, or external contractors/third-party business partners, the latter of which can be a real headache for organisations with large supply chain or partner networks.

Pat Martlew

Patrick Martlew is a technology enthusiast and editorial guru that works the digital enterprise beat in London. After making his tech writing debut in Sydney, he has now made his way to the UK where he works to cover the very latest trends and provide top-grade expert analysis.
