When IT leaders think about insider threats, scorned employees making off with intellectual property or stealing data for financial gain may come to mind. However, most insider-related incidents stem from carelessness rather than maliciousness.
Research by Ponemon Institute conducted for Proofpoint examined the costs of all types of insider threats, from careless users to malicious insiders and credential thieves. Their research found that 56% of insider attacks in 2022 were related to employee or contractor negligence or carelessness. These attacks were costly, too—averaging $484,931 per incident.
Types of insider threats in Ponemon Institute’s global study
IT and IT security professionals interviewed for the global study reported being most worried about credential theft. Malicious insiders and negligent users were also top concerns. These findings suggest they may be underestimating the risks of human error.
New ways of working and new risks
Employees who raise their organization’s insider threat risk may simply be trying to do their jobs. Workers who have access to sensitive data may cut corners when rushing to finish a task or project. Or they may be unaware of the steps they should take to secure their devices. Either way, the result can be employees storing data in unsecured environments.
The rise of remote work has made mitigating insider threat risk even more challenging. Employees are working further outside of their organization’s traditional security perimeters, accessing corporate networks using personal devices, and moving from place to place.
This environment is creating new vulnerable entry points and risks, making it easier for data to fall into the wrong hands due to carelessness. An employee leaves a device on public transport. They unwittingly click on a phishing email while distracted. They forget to install a vital update away from the watchful eyes of IT teams. It might not even be one of the organization’s own employees, but a contractor or an employee in the supply chain.
Another risk stems from increased employee churn. Post-pandemic economic uncertainty has resulted in large numbers of people changing or leaving jobs. And data shows that people often take sensitive data and credentials with them when they go. Unfortunately, organizations may not always follow their security policies when offboarding employees at scale. But carrying out these processes securely is important, especially because insiders are likely to try to take data to a new job.
Research for the latest State of the Phish report from Proofpoint found that 25% of survey respondents had changed jobs within the past two years, and of those who left their jobs, nearly half admitted to taking data with them when they left. Nearly 65% of organizations reported that they had experienced data loss because of an insider.
Improving cyber awareness
Having the right tools helps to create a strong security foundation. But if employees bypass security policies while carrying out their jobs or send data to unsecured environments, these tools are all but redundant. A people-centric approach to cybersecurity is therefore essential.
Promoting a culture of cyber vigilance requires regular training to assess employees’ current level of security awareness and identify areas for improvement. Regular testing of cyber literacy, without creating a blame culture, is also essential to assessing the efficacy of a training program and improving awareness levels.
For those businesses that don’t yet have a security awareness training program, ensuring everyone in the organization understands security protocols and the consequences of data loss is a good starting point. So, too, is creating up-to-date bring your own device (BYOD) policies and establishing a process for employees to flag potential security issues.
Technology and training in tandem
Training is important but can only help so much. Even the most alert employees are capable of making mistakes on the job. Technology is also needed to catch security blunders that fall through the net. Technologies that can help mitigate the risks from malicious and careless insider threats include:
- Data loss prevention (DLP)
- Privileged access management (PAM)
- User and entity behavior analytics (UEBA)
- Security information and event management (SIEM)
Organizations should also implement a people-centric insider threat management (ITM) program that is suited to today’s world of work. ITM makes it easier to see what information employees are accessing and how data is moving throughout an organization. This insight can help your organization improve its ability to detect and respond to insider threats with speed and scale.
Digital transformation and hybrid work continue to redefine organizations’ security perimeters. In this environment, a combination of advanced technologies and a culture of cyber vigilance is needed to better identify and detect risky behavior before data loss, downtime or financial consequences can occur.
To find out more about the rise of insider threats, read the 2022 Cost of Insider Threats Global Report from Proofpoint.
The original version of this article was posted on computing.co.uk.