Insider Threat

Insider threats pose major risks for organization as they are threats that involve people who have insider knowledge about the organization’s resources such as facilities, IT equipment, network information and computer systems as well as access to these resources. Insiders can include people who are trusted by the organization such as employees, vendors, and business partners.

According to a Ponemon Institute research, 85% of all hacking incidents are due to insider breach.

This means users who have access to the system either violated their rights on purpose or neglected their duties or accidentally caused harm. Insider threats occur when an insider uses their access privileges or knowledge about the organization to cause harm to the organization. The damage caused by insiders can be malicious, complacent or unintentional, but in the end they all negatively affect the integrity, confidentiality and availability of the victim’s IT systems. The damage caused by insider threats can be long lasting and can impact the organization’s ability to continue business in the future.

Insider threats can be intentional or unintentional acts.

Unintentional threats such as negligence occur due to carelessness by people inside the organization. These attacks occur when users understand IT policies but choose to ignore the policies which creates risk for the organization. Some examples of negligence are sharing user passwords, using personal devices to access IT services and ignoring security updates. Accidents are also unintentional acts that can place an organization at risk. When users click on hyperlinks or attachments from sources such as phishing emails, attackers can then install malware to create remote connections to the infected machines.

Intentional insider threats occur when an insider is motivated to take malicious action to damage the organization’s IT resources for personal benefit or as a personal grievance.

Intentional insider threats include leaking sensitive information, stealing information or sabotaging equipment to disrupt the organization’s operations or to damage their reputation.
Recovering from an insider attack is not only costly and time consuming, but it can devastate a business due to the loss of credibility due to the attack. According to the 2020 Insider Threat Report, for most businesses recovering from a successful security attack can cost anywhere from $100,000 to $500,000. Even then, after successfully recovering from that attack, 87% of respondents stated that they would find it difficult to determent the actual damage caused by the insider attacks.
of organizations had more than 30 incidents per year.

To prevent insider threats from occurring organizations should integrate Identity Access Management and Privileged Access Management solutions into their security strategies to prevent attacks from occurring.

These solutions prevent insider attacks from occurring as they limit who can access IT services and what information they are able to view. Using these solutions, organizations can rest assure that their data will be protected from various types of attacks.