Don’t Make This A Happy New Year for the Inside Threat
January 2, 2019
According to a recent Ponemon Institute study on insider threats, the total average cost of an inside breach is $8.76 million. Out of the 3,269 insider incidents it reviewed, 64% were due to negligence, 23% were related to criminal activity, and 13% were based on user credential threat. And the larger the organization, the more it has to spend to resolve an incident. Enterprises with more than 75,000 employees spent an average of $2 million per incident. But enterprises in financial services spent $12 million per incident. Energy and utilities spent $10 million. And manufacturing was $8.8 million.
Making it even harder for security teams is that Individual applications are starting to become a growing target for the inside threat. For example, HR data from an application like SuccessFactors or Workday is becoming a prime focus. Once breached, this information has a way of turning up on the dark web for sale. Hackers purchase this information to assume employee identities at a company to gain access to even more systems and do even more damage.
Here are the three types of insiders to be wary of in the new year:
Unintentional Insider – yes, the unintentional threat can wreak havoc on an organization. All too frequently you hear stories of an employee who downloaded a critical database onto their laptop or even a thumb drive, only to misplace it. Or they click on a malicious link in a phishing email to expose you to a breach– and the worst part is that no matter how blatantly fraudulent the phishing email is, someone is always bound to click on it and put your data at risk!
Malicious Insider – Jim from accounting didn’t get the promotion he was expecting and now has to find a way to pay for the new luxury car he purchased. He’s angry and decides that he’ll get the money from the company another way. Maybe he figures out a way to set up a vendor in his procurement system and then pay that vendor in his ERP. Or maybe he decides to pull business-critical data out of Ariba and sell it to a competitor. Either way, he’s earned enough for his car and now has his sights set on an exotic vacation.
Colluding Insider – just when you thought you wouldn’t have to hear about collusion in the new year… The insider at a company works with an external actor to breach information. For example, an employee pulls a list of customer names and details for a competitor.
There are some warning signs though. Forrester’s Senior Security Analyst Joseph Blankenship identified some characteristic of a malicious insider. They include an employee who has:
Received a poor performance appraisal or found out that they are going to be fired
Expressed how much they disagree with company policies
Vehemently disagreed with coworkers, especially with managers or executive staff.
Purchased items that they shouldn’t be able to afford on their income.
Started to work odd hours outside of their normal routine
Started to travel to foreign countries, which is a sign of corporate or foreign espionage
Given notice that they are leaving the company
But don’t worry, there are steps you can take to protect against all types of insiders and make this a happy new year for the security team. For example, Pathlock offers a firefighting solution so you can easily manage privileged users while gaining a complete audit trail of what they’ve done. Receive alerts in real time to potential malicious activity so you get the promotion, buy the luxury car and go on that exotic trip because you earned it! Click here to learn more.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.