Today, maintaining good cybersecurity is one of the most important aspects of owning a business. Almost anyone could fall victim to a cyberattack in which their information could get stolen if not careful enough. From fraudulent links in phishing emails to fake copycat websites, one must always be on the lookout for scams. Usually, we expect threats to our cybersecurity to come from the outside, but insider threats are just as risky. According to recent statistics, approximately 60% of all data breaches can be accounted for by insider threats.
So, what is an insider threat? An insider threat is a cybersecurity risk that originates from inside your organization. These threats can come from anyone who has been granted access to your system- employees, partners, contractors, vendors, etc. These threats typically occur when someone who has been given legitimate user credentials misuses their access. Although these threats can be malicious, they can also be the result of simple human error or oversight. No matter the intent, insider threats still put your company at risk.
There are five different types of insider threats that have been given names: the collaborator, lone wolf, pawn, goof, and mole.
Intentional Threats
The collaborator and the lone wolf are two types of insider threats that are intentional or malicious. Collaborators are people with authorized access who work with a third party, like a competitor or other individual, to intentionally harm an organization or a project. This person may leak confidential information, steal intellectual property, or otherwise disrupt and significantly harm normal business operations. Lone wolves are insider threats who have the same goals as collaborators, but work independently. Some say that lone wolves can be particularly dangerous because they often have privileged system access. Both methods may help an insider achieve their goal of espionage, fraud, intellectual property theft, sabotage, etc.
Accidental Threats
The pawn and goof are types of accidental or careless threats. A pawn is an authorized user who has been manipulated into unknowingly acting maliciously. Without awareness of their participation due to social engineering tactics, a pawn may unintentionally become a threat after falling for a scam and downloading malware onto their computer or disclosing confidential information to an imposter. Goofs are people who intentionally engage in risky online behavior but do not have any malicious intent. They may take shortcuts or ignore company cybersecurity policies, making themselves and their devices vulnerable to cyberattacks. For example, they might not pay close attention and end up following bad links and providing sensitive information, or store confidential information on their personal devices rather than company devices, making it more vulnerable to attacks.
Other Threats
Although technically not completely an insider threat, the mole is still worthy of consideration. A mole is someone from outside your organization who has somehow gained “insider” access to your systems. This person may pose as an insider in order to scam current employees, vendors, clients, etc. They may even be able to gain further access than initially granted by pretending to be an insider.
A few other things that may be indicators of insider threats: users accessing applications and networks at weird hours, users accessing resources or devices that they shouldn’t need or don’t normally have access to, emailing unknown or fraudulent addresses with sensitive information, unusual sign-in/log-off activity, and anything that ‘seems off’ to you – trust your instincts.
It is extremely important to protect yourself and your business from insider threats. If you own or manage a business, you should pay close attention to the behavior and digital activity of anyone with access to your business systems. Dissatisfied, lazy employees or vengeful former employees may be threats, which is why compartmentalizing sensitive information by limiting access and by creating specific permissions is so important. It may be helpful to create a clear, strict company technology policy for everyone to follow, along with encouraging incident reporting for when breaches do occur.
Overall, it is important to monitor your system closely so that any unusual activity for your system may be detected. There are end user monitoring tools available that will inform activities such as files saved to a portable or flash drive, grab screen shots, or other activities that may be deemed suspicious within your operation. Insider threats are one of the many reasons that you should consider partnering with a trusted IT provider who can help you manage your system.