Contact Us

What is an
Insider Threat?
The Risk of Insider
Threat Actors

Author: Sue Poremba

One of the greatest threats to your company isn't the competition or a cyber-criminal.

No, one of your organization's most dangerous threats is already sitting comfortably in the office. Insider threat actors come in many stripes: the careless employee who thoughtlessly clicks on a link in a phishing email or doesn't follow cyber security best practices; the malicious insider who uses their access to steal and sell sensitive corporate and consumer data; the negligent contractor or vendor compromises your security by misusing your assets.

Insider threats might not have the same kind of reputational impact that an external security breach does, but they can still compromise millions of pieces of data.

What is an insider threat?

An insider threat is a threat that comes from inside your organization. It's usually someone who uses their authorized access—intentionally or unintentionally—to compromise your organization's network, data or devices. The critical part is that the access is legitimate—these aren't brute-force hackers. And an insider threat actor doesn't have to be a current employee. Third-party contractors can be insider threats, as can former employees whose access was never revoked.

As the Verizon 2020 Data Breach Investigations Report notes, external actors remain the most significant threat to organizations, despite widely held opinions to the contrary. Still, the insider threat cannot be ignored. The report indicates that more than 30% of breaches in 2019 were the work of insiders.

Careless behavior can expose your organization to serious risk—and, potentially, severe financial and reputational damage. Improving security awareness training and phishing scam monitoring can help minimize careless incidents.

The most severe insider threat

Insider threat actors might not always be malicious, but those bad actors often do the most damage. Outside actors need an exploitable weakness to get inside a network; insiders are already there. They don't need to hack the enterprise or circumvent its defenses because they have legitimate access to endpoint systems, servers, networks and domains, and they often need that access to perform their daily duties. Insider threat actors recruited or bribed to steal sensitive company data are just as dangerous as disgruntled employees seeking to disrupt business or access information for personal gain.

Internal bad actors can wreak havoc for days, months or even years without being detected. They can steal money, manipulate sensitive information and download data as they go about their regular work routines—and they can continue indefinitely until they leave the company or make an error too big to ignore.

Protecting your business

It's impossible to watch every employee all the time, so it's difficult to completely eliminate insider threats, regardless of whether they are acting carelessly or maliciously. Still, protecting data and ensuring that security teams are alerted to unusual activity should be a top priority. Behavior analytics solutions can monitor typical employee actions, such as odd work hours or irregular data spikes. Maintain tight control over authorized access; employees should only have access to the files they need. Multifactor authentication will also help ensure that critical information is secure and that only the people who need it can access it. The Verizon 2019 Insider Threat Report recommends complementing data classification with a content protection solution, providing persistent encryption capabilities, linking to classification policies and automatically invoking them when assigning classification levels.

As long as a company has employees and contractors, there will be insider threats. Taking proactive steps to monitor their behavior can keep this threat to a minimum.

Start defending against your biggest cyber threats—and preparing for what's next—with Verizon's security solutions.