One of the greatest threats to your company isn't the competition or a cyber-criminal.
No, one of your organization's most dangerous threats is already sitting comfortably in the office. Insider threat actors come in many stripes: the careless employee who thoughtlessly clicks on a link in a phishing email or doesn't follow cyber security best practices; the malicious insider who uses their access to steal and sell sensitive corporate and consumer data; the negligent contractor or vendor compromises your security by misusing your assets.
Insider threats might not have the same kind of reputational impact that an external security breach does, but they can still compromise millions of pieces of data.
What is an insider threat?
An insider threat is a threat that comes from inside your organization. It's usually someone who uses their authorized access—intentionally or unintentionally—to compromise your organization's network, data or devices. The critical part is that the access is legitimate—these aren't brute-force hackers. And an insider threat actor doesn't have to be a current employee. Third-party contractors can be insider threats, as can former employees whose access was never revoked.
As the Verizon 2020 Data Breach Investigations Report notes, external actors remain the most significant threat to organizations, despite widely held opinions to the contrary. Still, the insider threat cannot be ignored. The report indicates that more than 30% of breaches in 2019 were the work of insiders.
Careless behavior can expose your organization to serious risk—and, potentially, severe financial and reputational damage. Improving security awareness training and phishing scam monitoring can help minimize careless incidents.
The most severe insider threat
Insider threat actors might not always be malicious, but those bad actors often do the most damage. Outside actors need an exploitable weakness to get inside a network; insiders are already there. They don't need to hack the enterprise or circumvent its defenses because they have legitimate access to endpoint systems, servers, networks and domains, and they often need that access to perform their daily duties. Insider threat actors recruited or bribed to steal sensitive company data are just as dangerous as disgruntled employees seeking to disrupt business or access information for personal gain.
Internal bad actors can wreak havoc for days, months or even years without being detected. They can steal money, manipulate sensitive information and download data as they go about their regular work routines—and they can continue indefinitely until they leave the company or make an error too big to ignore.