There are multiple ways in which insider threats can spill over into security breaches. Various studies indicate that user behaviour accounts for over 50% of information leaks. In Australia, the Office of the Australian Information Commissioner confirms that user error accounts for between 32 and 37 percent of all Notifiable Data Breaches in each of the four quarterly reports issued to date. Insider threats can be further broken down into those which arise out of negligence and those which arise out of criminal intent.
The first is the inadvertent insider. These are employees who make information security mistakes without realising it. These are acts of negligence and can comprise anything from leaving a PC unlocked at lunch break, allowing someone else access to company resources, to losing an unsecured device. If it is an IT worker, the potential for mischief is greatly magnified: an insecurely set up cloud network, for example, could allow easy access for hackers. Negligence extends to targeted attempts by hackers to breach your systems, too. Clicking a phishing link or opening a malicious attachment falls into this category. With sufficient awareness, issues like this should be absolutely minimised.
The second (related) threat is the disinterested employee, who is invariably also an inadvertent insider. These individuals might not respond to training or might simply not take the necessary care in their work. Close attention should be paid to individuals who display patterns of negligence even after interventions are mounted: if they don’t care about information security, they probably don’t care for their employer or employment. Note that hackers, too, pay close attention to disinterested employees and inadvertent insiders. After all, this is a convenient and easy route for them to breach your data security.
The third threat, along with the fourth and fifth, falls into the criminal category. Insider collusion is a significant threat because it means an employee is working with a hacker to compromise your data. These compromises typically result in fraud, intellectual property theft or a combination of the two. Detecting insider collusion is difficult and typically takes more time than identifying other internal risks.
The fourth threat is the Persistent Malicious Insider. As the name implies, this is an employee who steals company information, typically for personal gain. Such thefts can take place with unsophisticated methods, such as the use of USB thumb drives, as the employee may have direct access to company systems and data.
The final threat is one familiar to most employers. Disgruntled employees can deliberately sabotage their organisation for no reason other than vengeance; others might seek a second income stream in much the same way the Persistent Malicious Insider does.
In days gone by, most threats did indeed originate from outside an organisation. That’s why firewalls, intrusion detection and prevention, and to some extent, internet filtering emerged as the pre-eminent measures for securing your business.
But as you can see, it is becoming increasingly difficult to protect your organisation against the different types of Insider Threats.
Recently we sat down and had a discussion around Person Centric Security and how this approach enables data leak control without blocking people or devices.