
Insider Threat Awareness Month 2022 - An Organisation’s Own Worst Enemy

source link: https://devm.io/security/insider-threat-awareness

Defend against and mitigate damage from insider threats


Sometimes an organisation is its own worst enemy. In fact, 60% of data breaches are caused by activities from within an organisation. This September marks the fourth annual Insider Threat Awareness Month, aiming to shine a light on the critical importance of detecting, defending against and mitigating damages from insider threats.

As stated by Andy Bates, Practice Director - Security at Node4: “Whether malicious or purely accidental – as is most often the case – it is essential that businesses take steps to protect against such threats.”

Types of Insider Threats

An important part of safeguarding against insider threats is to understand the different types of threats organisations may face. As expressed by Matt Rider, VP of Security Engineering EMEA at Exabeam, “Insider threats are not all one and the same. They come in an array of shapes and sizes and each one can threaten the security of an organisation in a unique way. It is helpful therefore to break these down into three distinct categories: malicious, compromised, and negligent.”

Rider explains that a “‘malicious insider’ is an employee who intentionally steals data, either for personal gain or to negatively impact the organisation involved.”

He goes on to state that a “‘compromised insider’, however, generally acts without malice and usually has no idea they’ve been compromised.” These threats are becoming more and more common, with cybercriminals ‘finding new and innovative ways of tricking employees into clicking links that enable ransomware to infiltrate an organisation's infrastructure’ - as described by Eric Bassier, Senior Director Products at Quantum.

The third, and potentially the hardest type of insider threat to manage, is a ‘careless’ or ‘negligent insider’. As communicated by Dalia Hamzeh, Senior Principal Enterprise Security Program Manager at Progress, “These threats could include an employee downloading pirated software on a company device that contains malware or reusing a corporate password on personal accounts” and are “much more likely to be the source of a security incident.”

With ‘careless’ insiders accounting for 63% of all incidents, it is vital that organisations have a course of action to safeguard against them and the damage they cause. Terry Storrar, Managing Director at Leaseweb, emphasises the importance of such protocols: “Without the right measures in place to protect confidential information, it can be easy for an employee to make a mistake and unintentionally leak sensitive data. This has the potential to cause significant, possibly irreversible, damage.”

Though each type of insider threat is unique, it is their origin within a company that makes them universally hazardous. “Whatever the impetus, it is their position inside of the organisation that makes insider threats so dangerous. And the continual rise in digital transformation, BYOD, and remote working, is only making it harder to identify and mitigate such threats,” highlights Christopher Rogers, Technology Evangelist at Zerto, a Hewlett Packard Enterprise company.

Be Prepared

The first line of defence when it comes to insider threats is to be properly prepared for them before they occur. As stressed by Raffael Marty, EVP and GM Cybersecurity at ConnectWise, “to effectively prevent and stop insider crime, organisations need to have a comprehensive security program in place that focuses on both preparedness and visibility.”

In order to be prepared in advance, organisations need to have plans in place for “relevant organisational events and security relevant incidents - from what to do when an employee leaves the organisation, to the specific procedures enacted in the event of an electronic threat such as ransomware or denial of service attack”, continues Marty.

Not only should these plans be put in place, but they must also be kept up to date. Andy Swift, Technical Director – Offensive Security at Six Degrees, highlights the importance of these measures, especially regarding employee leaving processes: “When it comes to protecting organisations, leaving processes are important: redacting system access, expiring certificates, removing VPN access… There is a long list, and one of the pitfalls is often not keeping said list up-to-date. New systems with their own unique access requirements get brought online all the time, and making sure this list is reviewed regularly and updated is important.”

Visibility is also an essential part of insider threat awareness and defence. As Marty states, this “means being able to identify and effectively react to potential adverse actions.” He goes on to say, “Visibility also expands into understanding what employees are doing and how they are interacting with an organisation’s sensitive data.”

The Importance of Infrastructure and Training

In addition to being prepared for insider threats, organisations should also ensure they have the infrastructure in place to handle them should they occur.

Many industry experts suggest that organisations adopt a layered approach to security, including Bassier from Quantum: “Endpoint monitoring, content filtering, data loss prevention tooling and so on can all then be a much welcomed additional layer to the onion. Security in layers is everything!”

Additionally, automated security tools have become increasingly invaluable over the last few years, with the increased risks of the hybrid work model: “Outside of the security perimeter of a corporate office, employees are more likely to ‘let their guard down’. This is where automated security tools can help, such as data classification for labelling sensitive information, managed file transfer for secure data transmission and digital rights management to revoke access on the go,” clarifies Donnie MacColl, Senior Director of Technical Support at HelpSystems.

It is also worth noting that, aside from the latest security systems, employees can also provide a significant defence against insider threats - and thus training should be an integral part of organisations’ safeguarding strategies. As Rogers explains, “to mitigate against the careless employee, businesses should invest in regular training on cyber hygiene and security best practices including how to spot a phishing email and where to report them.”

Training allows employees to recognise and act against insider threats and fraud. After receiving training, they are better equipped to deal with emerging technologies such as “shallowfakes” which have become “increasingly prevalent in fraudulent insurance claims,” warns Martin Rehak, CEO at Resistant AI.

Should the worst happen…

As expressed by Brian Dunagan, Vice President of Engineering at Retrospect, a StorCentric Company, “during Insider Threat Awareness month we are reminded of the multitude of reasons a sound data backup strategy and proven solutions are critical.” He continues that, given the near inevitability of cyber attacks, it is no surprise that organisations “are putting an increasing focus on their ability to detect and recover as quickly, cost-effectively and painlessly as possible.”

Should the worst happen, it is therefore vital for organisations to have a foolproof backup and disaster recovery strategy in place. Surya Varanasi, CTO at StorCentric, highly recommends an Unbreakable Backup solution: “What is required is an Unbreakable Backup solution that is able to create an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection.”

Reflecting this Insider Threat Awareness Month

Organisations should use this month to review their strategies against insider threats, making sure that they have the infrastructure, training and backup systems in place to respond effectively should they face such threats.

As Liad Bokovsky, VP, Solution Consulting at Axway concludes: “Insider threats only form one part of a wider threat-ecosystem that is regularly targeting and infiltrating organisations. Every business, big or small, is at the same risk of attack, however, with the right knowledge and tools, organisations can be in a good position to defeat them before they happen.”

