When it comes to cybersecurity threats, organizations can’t afford to take a reactive approach. That’s especially true of insider threats—the threats posed by individuals from within an organization, such as current or former employees. Responding to threats only after they have occurred can be very costly and disruptive.
Research from Ponemon Institute conducted for Proofpoint shows that the average cost of a malicious insider incident is almost $650,000. Negligent users cause more than $484,000 in losses per incident. Insider incidents also take 85 days to contain, on average. So the damage to reputation, productivity and security can be difficult for organizations to recover from quickly or completely.
Data loss and breaches can often be traced back to the actions of an individual—whether that person is a malicious attacker, a disgruntled employee or a careless user.
Insider threats are becoming a top risk for organizations. This isn’t surprising given the widespread shift to remote work and rapid digital transformation in recent years. Greater use of the cloud and employees’ use of personal devices for work and to connect to various networks, including from home, have made systems, tools and applications more vulnerable to insider threats.
Ensuring your organization is well-protected from these threats requires a proactive approach with both technical and nontechnical emphasis.
The signs of risk
“Problem in chair, not in computer” (PICNIC). That term is meant to convey that security breaches are often the result of human error or intent—ill or otherwise. If employees don’t receive effective training that stresses the importance of cyber vigilance, they may inadvertently cut corners.
Unaware of the risks they face, users will break security policies to reduce friction in their day-to-day work. Forgetting to regularly update and patch their devices, misplacing devices, or sending confidential data to unsecured locations are all problems that can arise from poor cyber hygiene.
After making a mistake, employees are more likely to respond to ongoing security awareness training and support rather than targeted coaching. Encouraging your workforce to continuously learn and improve on how they interact with data will help ensure your entire organization is one step ahead of vulnerabilities.
The importance of real-time monitoring
Malicious insiders also pose a real threat to organizations and their data. No amount of training can prevent malicious intent. However, holistic visibility and monitoring can prevent this intent from resulting in real damage.
Departing employees must have their access completely withdrawn. And IT teams must have full visibility into how data is being moved across cloud, email, endpoints and the web. Automation has a role to play here, too, by accelerating incident identification and response time in a way that is easily visualized.
Employee numbers are fluctuating in many organizations due to widespread layoffs and ongoing economic certainty. So it’s even more important for organizations to keep track of access rights and revoke user access when immediately necessary. They must also ensure that they have effective verification and authentication methods in place.
Organizations that promote collaboration between security and other teams like human resources and legal to achieve this approach will be better positioned to combat the risks associated with insider threats more confidently.
Staying one step ahead
The monetary costs of insider threats and the data loss from these incidents are easy to understand. However, the indirect costs from business disruption and the potential loss of opportunities for your organization can be less obvious in the near term, but they can be just as damaging.
The best way to protect your organization from insider threats is to create a culture of cyber vigilance. Train your employees on best practices, and invest in technologies that promote visibility and integration across cloud, email, endpoints and web. These efforts will enable a more proactive approach to insider threats and help you to manage other cyber risks.
Find out more about Ponemon’s research on the costs of insider threats in the Proofpoint report, 2022 Costs of Insider Threats Global Report.
A version of this article originally appeared on computing.co.uk.