What are insider threats? Definition, types, and how to mitigate them

Author: Sue Poremba

One of the greatest threats to your company isn't the competition or a cybercriminal. No, one of your organization's most dangerous threats is already sitting comfortably in the office: the insider threat, also referred to as an internal threat.

Although external threat actors account for 80% of security breaches according to the Verizon 2022 Data Breach Investigations Report, insider threats can still do a lot of damage to a company and its reputation.

But what is an insider threat, how can you spot one, and what steps can you take to reduce the chances of one occurring in the first place?

What is an insider threat?

An insider threat is a threat that comes from a user inside your organization who uses their authorized access—intentionally or unintentionally—to compromise your organization's network, data or devices. The critical part is that the access is legitimate—these aren't brute-force hackers.

And an insider threat actor doesn't have to be a current employee. Third-party contractors can also be insider threats, as can former employees whose access was never revoked.

Types of insider threats

Insider threat actors come in many forms:

  • The careless employee who thoughtlessly clicks on a link in a phishing email
  • An employee who doesn't follow cyber security best practices
  • The malicious insider who uses their access to steal and sell sensitive corporate and consumer data
  • A disgruntled employee who seeks to disrupt business operations or access information for personal gain
  • The negligent contractor or vendor who compromises your security by misusing your assets

Regardless of their intent, internal bad actors can wreak havoc for days, months or even years and do serious damage to an organization’s reputation. 

How to detect insider threats

While outside bad actors need an exploitable weakness to get inside a network, an insider with malicious intent is already there.

And therein lies the problem. These individuals don't need to hack the enterprise or circumvent its defenses because they have legitimate access to endpoint systems, servers, networks and domains, and they often need that access to perform their daily duties.

These bad actors can steal money, manipulate sensitive information or download data as they go about their regular work routines—and they can continue indefinitely until they leave the company or make an error too big to ignore.

While insider threats can sometimes be difficult to detect, there are some signs to be on the lookout for that could indicate an internal bad actor is at work:

  • Logging into the network at odd hours
  • Accessing information that’s not related to their job
  • Downloading unusually large amounts of data
  • Copying data onto their personal devices
  • Creating unauthorized accounts 
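
The five signs listed above, expressed as detection rules run over audit events. This is an added example, not part of the original article; the event fields, user names, role map, working hours and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

WORK_HOURS = range(7, 20)            # assumed normal hours: 07:00-19:59
JOB_SCOPE = {"alice": {"finance"}, "bob": {"engineering"}}  # assumed role-to-data map
ACCOUNT_ADMINS = {"carol"}           # assumed users allowed to create accounts
DAILY_BASELINE = {"alice": 50_000_000, "bob": 20_000_000}   # assumed bytes/day norm
VOLUME_FACTOR = 5                    # assumed: flag at 5x the user's baseline

# Constructed sample audit events: (timestamp, user, action, target, bytes)
EVENTS = [
    ("2024-03-04T10:15:00", "alice", "login", "vpn", 0),
    ("2024-03-04T10:20:00", "alice", "download", "finance/q1.xlsx", 2_000_000),
    ("2024-03-05T02:40:00", "bob", "login", "vpn", 0),
    ("2024-03-05T02:45:00", "bob", "download", "finance/payroll.csv", 150_000_000),
    ("2024-03-05T02:50:00", "bob", "usb_copy", "finance/payroll.csv", 150_000_000),
    ("2024-03-05T03:05:00", "bob", "create_account", "svc-backup2", 0),
    ("2024-03-05T09:00:00", "carol", "create_account", "new-hire-01", 0),
]

def detect(events):
    """Return {user: sorted indicator names} for the five signs in the list."""
    hits = defaultdict(set)
    daily = defaultdict(int)         # (user, date) -> bytes downloaded that day
    for ts, user, action, target, size in events:
        when = datetime.fromisoformat(ts)
        if action == "login" and when.hour not in WORK_HOURS:
            hits[user].add("odd_hours_login")
        if action in ("download", "usb_copy"):
            # First path segment is treated as the owning department.
            if target.split("/")[0] not in JOB_SCOPE.get(user, set()):
                hits[user].add("out_of_scope_access")
        if action == "download":
            daily[(user, when.date())] += size
        if action == "usb_copy":
            hits[user].add("copy_to_personal_device")
        if action == "create_account" and user not in ACCOUNT_ADMINS:
            hits[user].add("unauthorized_account")
    for (user, _day), total in daily.items():
        # Users without a baseline default to 0, so any download is flagged.
        if total > VOLUME_FACTOR * DAILY_BASELINE.get(user, 0):
            hits[user].add("large_download")
    return {user: sorted(names) for user, names in hits.items()}

if __name__ == "__main__":
    for user, names in detect(EVENTS).items():
        print(user, names)
```

Each rule on its own produces false positives (a legitimate late shift, a one-off large export), so the useful signal is several indicators landing on the same user in a short window.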

How to protect against and mitigate insider threats

It's impossible to watch every employee all the time, so it's difficult to completely eliminate insider threats. Still, the IT department should make it a top priority to strengthen network security, protect data and ensure that security teams are alerted to any unusual activity.

Security best practices, such as security awareness training and phishing scam monitoring, can help to mitigate internal threats.

In addition, behavior analytics solutions can monitor employee activity for departures from typical patterns, such as odd work hours or irregular data spikes. Furthermore, employees should only have access to the files they need, which is why it’s important for the IT department to maintain tight control over authorized access.

Multifactor authentication will also help ensure that critical information is secure and that only the people who need it can access it. The Verizon Insider Threat Report recommends complementing data classification with a content protection solution, providing persistent encryption capabilities, linking to classification policies and automatically invoking them when assigning classification levels.

As long as a company has employees and contractors, there will be insider threats. However, taking proactive measures and monitoring behavior can go a long way toward minimizing internal threats.

Now that you have an answer to the question "What is an insider threat?", find out how Verizon's security solutions can help you better protect your organization.

The author of this content is a paid contributor for Verizon.