The threat from within

Managing the growing risk of insider threat

Most organizations have their guard up to protect against external hackers breaking into their systems and accessing their private, sensitive, and mission-critical assets. But another, potentially more ominous, menace exists much closer to home – the insider threat.

While the vast majority of employees will work conscientiously and honestly, a growing number of workers are breaking into secure areas of their employer’s systems with clearly malicious intent. So while potential damage from external threats receives most of the attention, insiders are actually at the core of many of the worst incidents of misconduct. Why? Because you trusted them and you weren’t paying attention.

Insider threats are on the rise

Insider threats continue to grow. In 2015, IBM1 reported a shift in the cyber landscape where insider attacks began to outnumber outside hacking. A year later, a Mimecast2 survey found that 99 percent of respondents had experienced some form of insider security incident in the past two years and Intel reported that internal actors were found to be responsible for 43 percent of all data loss. Yet despite this alarming rise in insider threats and activities, most companies are still focusing most of their security efforts externally. Typically, less than 20 percent of organizations’ security budget goes toward insider threats, according to Dr. Eric Cole3 of SANS.

Why the increase?

Insider threats are growing for a number of reasons — sociological, demographic and technological.

  • Changes in the workforce — Today’s workforce is increasingly transitory and prone to high turnover; employees accordingly see themselves as “free agents” with less loyalty to employers. Knowledge and information is often seen as open source—to be shared rather than owned.

  • Changes in work environment—Work from home and bring-your-own-device practices have eroded traditional network defense. Companies are increasing their use of thirdparty contractors, who need access to company information but are not vetted or monitored properly. All the while, the growing use of the cloud puts more information outside of the company’s immediate control.

  • Changes in the world—Increasing global competition, polarized geo-political tensions and a growing distrust for big governments and corporations in many individuals create a fertile field for divided allegiances prompting insiders to act in ways that put an organization at risk.

  • Changes in technology—Business and government entities have become increasingly dependent on interconnected technology and mass data storage. While that offers great conveniences, it also makes organizations increasingly susceptible to risk with the potential for larger impacts when breaches and other abuses uccur.
1 Bradley, Nicholas, Michelle Alvarez, David McMillen, and Scott Craig. “2016 Cyber Security Intelligence Index.” April 2016. Accessed August 28, 2017.
2 Mimecast Limited. “Protect Against Email Threats.” Mimecast. February 2017. Accessed July 17, 2017. 
3 Cole, Eric. “Insider Threats and the Need for Fast and Directed Response.” April 2015. Accessed August 28, 2017.