An insider threat happens when someone who is close to an organization, and who has authorized access, misuses that access to negatively impact the organization’s critical information or systems. For organizations across the globe, these threats are becoming more and more prevalent.
According to Accenture, 69% of organizations have experienced an attempted or successful theft or corruption of data in the last 12 months. For many organizations, the first thing that comes to mind when thinking of an insider threat is the malicious insider – the disgruntled ex-employee, or the current employee with ulterior motives.
There is always the risk that an employee, partner or vendor may go to great lengths to steal data on purpose. These are valid concerns – but they aren’t the only insider threat risk.
In fact, the unintentional insider threat can be equally risky to the organization and is unfortunately quite common, accounting for 25% of data breaches in 2017. These are employees, vendors and partners who have the best of intentions but may accidentally click a link, forgo company policy, or use an unapproved cloud storage service.
Take, for example, the data leaks resulting from misconfigured AWS S3 buckets that have been occurring on an almost weekly basis – from Accenture to Tesla.
For this reason, it is important to understand what accidental data misuse looks like and to put in place a plan to detect and prevent unintentional insider threats – before they accidentally leak information outside the organization.
Violating company policies
Any time an employee steps outside of company policy, it increases risk. Whether they do so on purpose or because they’ve forgotten or don’t fully understand the policy, this poses a threat to the organization. It’s true that malicious insiders may break policy, but it’s equally true that an employee with no malicious intent may break policy to simplify a task, or even without realizing it.
Regular reviews of company policies are a given, but you cannot rely only on written policies to ensure prevention. You also need to have a proactive way of catching employees in the act of breaking policy, educating them on the mistake, and preventing them from taking further action outside policy.
Sidestepping regulations
Different organizations are beholden to different laws, compliance mandates, and regulatory requirements. There are a number of frameworks across industries, and if some people in your organization do not fully understand how a certain framework applies to their work, they may make mistakes that expose you to risk.
It is vital to conduct regular training and education for all team members whose work requires them to fully understand and apply laws, mandates, or requirements that affect the organization’s security.
Taking the easy way out
Cloud storage services, like Dropbox, can really help employees get their jobs done faster and more efficiently. It is a given that even star employees may store or transfer sensitive data using a personal cloud storage account – it opens up more opportunities to work. Then again, these services can also quickly open your organization up to a whole new level of risk.
As a best practice, ensure employees understand which services are approved and which are not, how to properly secure their services, and what types of data must be stored where and how. This will decrease the odds of their accidentally sending highly confidential data to an unsecured location in the cloud, thus exposing you to risk.
Careless personal security
From brightly lit computer screens to rogue flash drives – unsecured devices are a common cause of accidental insider threats. Each individual employee should be aware of the steps that they should take to ensure the devices they use are well-secured at all times. This includes everything from strong passwords to multi-factor authentication for all devices. One small instance of sloppy personal security can lead to a major insider attack.
How to decrease this threat
The biggest threat to an organization isn’t the outsider trying to get in; rather, it’s the insider who already has the keys. And it certainly doesn’t have to be an insider who has it out for the company.
As the above examples illustrate, accidental misuse can be one of the most overlooked causes of insider threats today. Once valuable data has been leaked via inappropriate or accidental means, there are always criminals and groups with ulterior motives who will look for opportunities to use the data to their advantage. Insiders – both malicious and accidental – are uniquely able to access data in a variety of ways, and yet they are often forgotten about when organizations “lock down” their data.
Good visibility into an organization’s vendors, partners, and employees, together with continued education and the right tools and technology, can ensure that both malicious and accidental insider threats are stopped in their tracks.