September is National Insider Threat Awareness Month: What Businesses Need to Know to Keep Data Secure
A man walks into a bar with a USB flash drive containing the personal information of every resident of an entire city.
This isn’t the setup for a joke. This is the story of a city worker in Amagasaki, Japan, who carried a USB flash drive in his bag containing personally identifiable information, including birth dates, addresses, and bank account information, of the city’s 465,000 residents. After a night out, the city employee fell asleep in a public space. When he was awakened, his bag – and the residents’ personal information – was gone.
The incident is an atypical example of a prominent problem facing companies, government agencies, and individual stakeholders: insider threats.
According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involve the human element, as social attacks, errors, and misuse put people’s information at risk.
In other words, a cacophony of cybersecurity concerns, from phishing scams, ransomware attacks, and malicious insider threats all come down to the human element. Simply put, insider threats pose a significant risk to data privacy, demanding a response from all stakeholders to help keep people’s valuable personal information secure.
September is National Insider Threat Awareness Month, making it the perfect time to understand insider threats and the best practices for protecting company and customer data.
What Is an Insider Threat?
An insider threat is a person with legitimate access to a company’s IT infrastructure and data who uses this access to unintentionally or intentionally undermine security. This includes employees, contractors, and third-party entities encountering company data in various ways.
While any insider can undermine cybersecurity and data privacy, it’s helpful to consider the different types of insider threats as understanding their motivations can determine the best response initiatives. In general, there are three types of insider threats:
- Unintentional. These insiders fall for a social attack, like a phishing scam, accidentally share sensitive information, or mistakenly misuse company data. They didn’t mean to cause a problem, but their negligence or mischance can still cause significant damage to a company’s bottom line and brand reputation. In today’s risky online environment, several factors, including remote work arrangements and increasingly frequent and sophisticated phishing scams, make unintentional insider threats a growing concern for companies and government agencies.
- Intentional. These insiders compromise network integrity or data privacy on purpose. Their motivations are multifaceted. Some are looking to profit from their privileged access, while others may be disgruntled employees or people looking to benefit from a company’s digital resources. Intentional insiders can have costly consequences for companies.
- Other. These insider threats are often collusive, recruited or enticed by cybercriminals or threat actors to provide login credentials or compromise network integrity from the inside.
According to one industry report, insider threat incidents of all types have increased by 44 percent since 2020, while costs per incident have risen by one-third. Whether insiders acted accidentally or maliciously, the consequences are often the same. Companies face enormous recovery costs that erode their bottom lines, diminish customer loyalty, and hinder future growth opportunities.
However, data breaches caused by insider threats are not inevitable, and there are steps that every company can take to keep data secure.
How to Keep Data Secure
Stopping and preventing insider threats requires companies or government agencies to develop policies and protocols that allow them to detect, investigate, and prevent insider threats.
- Detect. Effective insider threat prevention efforts begin with detection. Threat detection relies on identifying observable, concerning behaviors and activities that warrant further investigation. Successful programs will combine human intelligence with powerful insider activity monitoring software to detect possible threats.
- Investigate. Investigating insider threats requires cybersecurity teams or management personnel to evaluate an attack’s veracity and determine the scope, intensity, and consequences of a potential threat.
- Prevent. Prevention is the optimal outcome for insider threat mitigation efforts. By proactively preventing insider threats, companies can avoid costly data breaches and any consequential cybersecurity incidents.
These capabilities are best implemented with a combination of human intelligence and software solutions. Since people often have unique insights into their peers and coworkers, implementing a “see something say something” policy allows people to communicate signs of a potential insider threat, including:
- Dissatisfied or disgruntled insiders
- Documented attempts to avoid security protocols
- Changing work patterns or regularly working off-hours
- Displaying resentment for coworkers or leadership
- Contemplating resignation or actively looking for new job opportunities.
When coupled with powerful software solutions, organizations are best posited to detect, investigate, and prevent insider threats. Specifically, companies should look for these capabilities:
- Endpoint Monitoring solutions protect sensitive and confidential company data from loss caused by accidental, negligent, or compromised insiders.
- User & Entity Behavior Analytics software exposes irregularities in system and user activities by leveraging advanced analytics to find suspicious behavior at any endpoint.
- User Activity Monitoring platforms allow companies to identify and respond to malicious or risky activities with automated responses and enhanced, actionable insights.
When human intelligence and software solutions work together, insider threats are less likely to undermine cybersecurity or data privacy.
As companies grapple with a complicated operational environment, it’s easy for cybersecurity to take a backseat. However, cybersecurity vulnerabilities can quickly undermine an organization’s viability as recovery costs, reputation damage, and other factors prohibit future growth and sustainability.
Insider threats are at the heart of this issue, simplifying decision-makers’ responses. In 2022 and beyond, understanding insider threats while developing the capacity to detect, investigate, and prevent potential problems can differentiate thriving organizations from those grappling with the consequences of inaction.