Insider Threat: Definition, Prevention & Defense
An insider threat is a security risk that stems from your current employees, former staff members, contractors, or vendors. Anyone who has access to your important, protected electronic assets could pose an insider threat to your organization.
The methods insiders use can vary. But experts say most of these people attempt to:
- Steal your company's intellectual property
- Sabotage your company's current or future success
- Commit fraud for financial gain
- Engage in some form of espionage
The only way to halt all insider threats is to stop working with anyone else. But your company may not be successful if just one person owns and manages it.
Instead, learn more about what these threats look like, and you'll be prepared to stop them when you find them.
Types of insider threats
Two main types of attacks stem from insiders. Understanding the difference is critical as you formulate plans to keep your critical assets safe.
Your insider threat might be:
- Malicious. Someone inside your organization hopes to use their clearance to harm you or your organization. People like this might steal your intellectual property and sell it to the highest bidder, or they might engage in fraudulent activity to steal something from you.
- Inadvertent. A person disregards your rules or makes errors. These actions put your company at risk, even if that's not the person's intent.
We know a lot about insider threats from work done at Carnegie Mellon University. The CERT Insider Threat Center within the university tracks these incidents and releases reports for business leaders to study and learn from. The group suggests that many attacks stem from so-called "insider disgruntlement," where a person within your circle doesn't get something they expected.
But know that some angry people hide their feelings quite well. You may not know who the risky person in your midst is until it’s too late.
How dangerous are insider threats?
Few companies brag about the devastating losses they've endured after an attack. But insider threats tend to produce spectacular results that are hard to hide. Wading through the statistics gives you an idea of just how worrisome this issue really is.
- Insider threats represent the biggest threat to the U.S. economy. Source: Security
- Among global health care organizations, 35 percent experienced cloud data theft sparked by insider threats. Source: Infosecurity Magazine
- Among European employees, 29 percent have purposefully sent data to outsiders. Source: Infosecurity Magazine
- Tesla experienced an insider threat in 2018, sparked by an employee who didn't get a promotion he expected. Source: CSO
- Concession vendor Spectra lost $268,000 in one insider threat attack. Source: Infosecurity Magazine
Are you facing an insider threat?
Any company with employees, vendors, or both could be at risk for an insider attack. But you can learn to spot the signs.
People planning an attack like this often:
- Ask for data. An employee might request access to a sensitive part of your server, or you might notice an uptick in file downloads.
- Work undercover. The person might log in late at night or on weekends. Or the person might spend long hours in the office when everyone else has gone home.
- Break the rules. You may notice that the person keeps their workstation unlocked or has printed passwords available.
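Two of the signs above, off-hours logins and an uptick in file downloads, can be checked directly against user logs. The following is an added example, not part of the original article; the log format, user names, business hours and spike threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events: timestamp, user, action, file count (0 for logins).
SAMPLE_LOG = """\
2024-03-04T09:12:00 alice login 0
2024-03-04T10:05:00 alice download 12
2024-03-05T09:30:00 alice download 9
2024-03-06T11:00:00 alice download 14
2024-03-07T14:20:00 alice download 11
2024-03-04T09:00:00 bob login 0
2024-03-04T13:00:00 bob download 8
2024-03-05T10:15:00 bob download 10
2024-03-06T15:45:00 bob download 7
2024-03-09T23:40:00 bob login 0
2024-03-09T23:55:00 bob download 240
"""

WORK_START, WORK_END = 7, 19  # assumed business hours (local time)
SPIKE_FACTOR = 5              # assumed: flag a day at 5x the user's median day

def parse(log):
    for line in log.splitlines():
        ts, user, action, count = line.split()
        yield datetime.fromisoformat(ts), user, action, int(count)

def off_hours(ts):
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def find_signals(log):
    findings = []
    daily = defaultdict(lambda: defaultdict(int))  # user -> date -> files downloaded
    for ts, user, action, count in parse(log):
        if action == "login" and off_hours(ts):
            findings.append((user, "off_hours_login", ts.isoformat()))
        elif action == "download":
            daily[user][ts.date()] += count
    for user, days in daily.items():
        for day, total in sorted(days.items()):
            # Baseline excludes the day under test, so a spike cannot raise its own bar.
            others = [v for d, v in days.items() if d != day]
            if len(others) >= 3 and total > SPIKE_FACTOR * median(others):
                findings.append((user, "download_spike", f"{day} files={total}"))
    return findings

if __name__ == "__main__":
    for finding in find_signals(SAMPLE_LOG):
        print(*finding)
```

A finding here is a prompt for review, not proof of intent: a per-user baseline keeps people who legitimately work nights or move large data sets from being flagged every day.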
Monitoring for unusual activity is an integral part of threat mitigation. Look over your user logs, and make sure y