There are few things that make security teams more uneasy than knowing that a threat is posed by a current employee, ex-employee or business partner. Realizing that trust has been compromised and there is uncertainty to what has been shared and with whom leaves corporate security teams scrambling to find out more.
Unfortunately, recent reports show insider threat incidents have increased by 47% in the last two years, and the total average costs of insider-related incidents approximates $11.45M (up from $8.76M in 2018). Our recent research on security investment priorities in 2021 reveals that insider threat monitoring tools and training were ranked as a top investment by physical security leaders.
While monetary values are a driving factor, the impact to employee safety highlights a much broader issue. Without a proactive approach to identify areas of concern in your organization before an incident occurs, there’s significant risk to the safety and security of your employees, assets and intellectual property.
But first, what is an insider threat?
An insider threat can be defined as a “user with legitimate access to company assets who uses that access either maliciously or unintentionally, to cause harm to the business.” Whether the insider is a former / current employee or partner, they have access to critical and sensitive data pertinent to the operations of the company. More importantly, they plan to use this critical and sensitive data in a way that threatens the company and its employees.
While the majority of insider attacks occur for monetary reasons, others are motivated by attempts to gain a competitive advantage in business.
In this real-life example (investigated from 2017 to 2020), two employees stole sensitive information about their company’s marketing and pricing. Here’s what occurred:
- Subsequent to stealing this intellectual property, one of the employees started a new, incredibly similar company to compete with its former.
- As a result of the former company’s lax response program, they lost several clients to the new competitor.
- Several years later the former company put the pieces together and reported the incident to the FBI.
- While the employees were eventually convicted (after years of investigation), trade secrets were compromised and clients were lost, leading to a downfall for the lucrative business opportunity.
If there had been a more robust program in place, including identity and access management, and user activity monitoring to identify anomalies and patterns, it is unlikely that the employees would have been able to download the company’s trade secrets to create their own competing business. Therefore, we stress the importance of an insider threat program for all companies, regardless of the industry.
What are the benefits of an insider threat program?
The benefits of an insider threat program are endless as they reduce the impact and likelihood of threats impacting businesses and their employees. According to the Insider Threat Mitigation Guide, implementing an insider threat program helps an organization identify and detect threats unique to their environment. By defining the risks associated with a given business, security leaders can manage and alleviate certain threats before they manifest into a disruption that is detrimental to the company.
An effective insider threat program, composed of all the critical elements, will:
- Safeguard assets
- Counter violence
- Prevent theft of confidential business information
- Protect intellectual property
- Ensure customer trust
By tailoring the elements of an insider threat program to your organization’s needs, you can prevent harm and create a backbone of resilience. With more technical means to breach a system, it has become extremely difficult to detect certain insider threat incidents. The longer an insider threat attack goes undetected, the greater the damage to the company.
With all of this being said, each company is strongly encouraged to design a robust and secure insider threat program. Taking proactive steps helps ensure the long-term safety, security and success of a company’s reputation and, more importantly, its people. To learn more about proactive security and early detection of anomalies and patterns, check out Level Up Your Threat Hunting Game.