Insider Threat Indicators and Prevention Tips

Insider Threat Indicators to Alert You

Cyber threats are often assumed to come from outside  your company — even as far out as a foreign country. But many assumptions are often not true and too often the signs are ignored. These threats could come from across the room right within your own organization. Here’s more about insider threat indicators:

First, realize that insider threats can occur for many reasons. In today’s increasingly digital and data-driven world, it’s important to have these indicators on your radar and to take steps to improve your cyber security position to reduce the threat.

What Is an Insider Threat?

An insider threat comes from someone who works for your organization or has access to your network, such as a vendor, client or former employee.

Insider threats are responsible for an estimated 33 percent of all cyber attacks and are growing rapidly: as much as 47 percent over the last few years. Recent cyber security surveys show that 66 percent of organizations consider insider attacks to be a more likely threat than external ones.

Intentional Threats

Intentional threats usually come from employees who feel wronged for some reason. They might leak sensitive information, harass associates, sabotage equipment or even perpetrate violence. Some may steal proprietary data or intellectual property in the false hope of advancing their careers or for payment from an organization that could benefit from that information.

There are documented cases of foreign governments planting employees within companies to steal intellectual property.

Unintentional Threats

Unintentional threats occur when a present employee creates an unintended risk to an organization accidentally or by negligence, such as by typing the wrong address on a sensitive email, which then gets sent to a competitor.

We all know that mistakes are made and cannot be completely prevented. For example, an employee could inadvertently click on a hyperlink in an email, opening an attachment that contains a virus. Mistakes could result from someone not having their fingers on the right keys when emailing or not properly disposing of sensitive documents.

Negligent, or careless, threats also are caused because staff did not follow security protocols. Or, they have misplaced or lost a portable storage device containing sensitive information.

Not all cyber threats caused by insiders are malicious. An employee can unintentionally or accidentally put your company at risk in several ways. The most common are:

  • Email errors: An email containing sensitive information is sent to the wrong recipient or is not appropriately secured.
  • Social engineering: Even seasoned professionals can take the bait in sophisticated phishing scams, especially if they haven’t been taught the risks of social engineering. They may fall for a request to help someone or some company they think they know. Other times, they ignore security protocols because they’re distracted, stressed, rushed or overwhelmed, or they just don’t take it seriously, and that’s a problem.
  • Bad credential handling: Poor credential hygiene (think username and password) is one of the fastest ways for a company to suffer a data breach. Employees write down passwords on sticky notes or share administrator passwords to save time. In doing so, they are putting the security of their company’s data at high risk.

Malicious Insider Threats

Many malicious insider incidents result from an employee’s termination or layoff. Here are some factors that can turn employees into malicious threats:

  • Feeling unappreciated or under undue stress.
  • Being angry about being passed over for a promotion
  • Receiving a poor performance review
  • Being disgruntled by layoffs or termination
  • Having serious financial problems

The following signs don’t mean an employee is going to initiate a malicious threat. However, be on alert when an employee:

  • Starts working odd hours.
  • Isolates themselves or otherwise acts suspiciously.
  • Downloads or accesses large amounts of data.
  • Sends sensitive information to their private email accounts.
  • Adds improper privileges to their user account.
  • Has been disciplined and seems disgruntled.
  • Mishandles passwords.
  • Installs unauthorized software and apps.
  • Decides to leave your company.

No matter the reason, when an employee leaves the company, it is critical to lock them out of your network as soon as possible. Ensure their accounts are promptly disabled to block their access.

Insider Threat Prevention Begins With Awareness

A key aspect of a strong security culture is cyber security awareness. Employees should be taught how to spot and stop security threats and know the best practices for their particular business. Benefits include:

  • Awareness of the most relevant security threats
  • Staff that’s engaged with, and takes responsibility for, security issues
  • Increased compliance with protective security measures
  • Employees who are more likely to think and act in a security-conscious manner
  • Reduced risk of insider incidents

Encourage a Strong Cyber Security Culture 

The company’s security culture is the attitude of the entire staff about cyber security. Many factors comprise your cyber security culture including:

  • Knowledge garnered from cyber security education
  • Corporate priorities
  • Compliance with security policies and procedures
  • The implementation of security best practices
  • Maintaining security around data and systems

When employees understand the importance of these practices and the possible consequences of an incident, they are more likely to make smart choices when it comes to security. This strengthens your company’s defenses and safeguards your data.

Build a Strong Security Culture in Four Steps

  1. Start at the top. Lead by example. If the leadership team of the company takes security seriously, employees will, too.
  2. Prioritize digital security. Sounds simple, but reports show that the majority of businesses are failing at this. An IBM report stated that only nine percent of those surveyed cited digital security as the most important factor facing their business. Defense against cyber attacks was rated as the least important factor (18 percent) to their company’s success.
  3. Align IT goals with corporate priorities. Another survey of security professionals stated that one of the three biggest blockers to managing risk was not having the support they needed from leadership to grow a strong security culture: 10 percent said they had no support at all.
  4. Commit to raising security awareness. Seventy-five percent of survey respondents said they don’t spend much time promoting security awareness, less than half their time. It’s also a fact that 60 percent of businesses don’t teach and monitor cyber security even though it is critical for reducing security incidents.

Need Help With Insider Threat Indicators?

Internos Intuitive Technology has been helping businesses with IT for decades. If you think you may have an insider threat or just want to shore up your cyber security, contact us or book a free no-obligation meeting, virtual or in person.

Posted in
Ronny Delgado Internos Miami Author Image

Ronny Delgado

Ronny co-founded Internos in 2013, after co-owning ReadyIT alongside Jairo Avila for 12 years. When you ask Ronny about what he enjoys most about working at Internos, it should come as no surprise that his response is about the people here. He’s dedicated to the development of our company and passionate about making sure that we all succeed.

Use our Managed Service Provider Checklist to Find the Right

Our easy-to-follow checklist can guide you through the process of the best IT services provider for your business.

Are you a first-timer to IT support? Maybe you aren’t happy with your current MSP? This checklist will help you outline and define:

  • Your business goals for the next few years.
  • The stats that potential MSPs will need to work out a plan for your company.
  • The risk areas in your backup and cyber security practice.s
  • What you expect from your IT provider.
  • And more!