Insider Threat Awareness: Debunking the Top 3 Myths

The biggest asset for today’s organizations is also their biggest risk: their people. And many businesses will likely agree that most of their employees lack the security awareness education to ensure proper precautions are in place to prevent data leaks. In fact, according to the 2021 Data Breach Investigations Report from Verizon, 85% of breaches involve a human element.

Insider threats are on the rise for many reasons, from employees falling for phishing scams to sharing user privileges. But employees aren’t the only “insider” organizations need to worry about. There are many definitions of an insider, and that’s led to some misconceptions about what insider threats are and how you can protect your organization against them.

What is an insider threat?

An insider threat, as we define it, is when an insider intentionally—or unintentionally—misuses their access to an organization’s data. This misuse can negatively impact the confidentiality, integrity or availability of an organization’s critical information or systems. 

Insider threats can come from any person at any level in your organization. And insiders aren’t just current or former employees but also any third parties your business works with, like vendors, contractors and partners.

Next, let’s take a look at the top three myths associated with insider threats. 

Myth #1: Insider threats are always malicious 

One common misconception about insider threats is that they’re always malicious. But according to a recent Ponemon Institute study, malicious insider threats are just one of the three most common types of insider threats—and they represent only 23% of insider threat incidents.

The three most common types of insider threats are:

  • Malicious insider—someone who has malicious intent to harm the organization from the inside
  • Negligent insider—employees or third parties who make a mistake that unintentionally causes incidents 
  • Compromised insider—someone who has fallen victim to a phishing scam, granting credential thieves unauthorized access to applications and systems 

Negligent insiders are the most common type of insider threat; the Ponemon study found that they account for 62% of insider threats. Yet compromised insiders, which Ponemon says represent just 14% of all insider-related incidents, cost organizations three times more per incident than a negligent insider ($871,686 per incident, on average).

Myth #2: Data loss and insider risks are separate problems

Many cybersecurity programs have focused heavily on the use of perimeter-based security tools to prevent sensitive data from leaving the organization’s network. These tools were effective when everyone worked within the same four walls, but today’s cloud-based, mobile and remote way of working requires a modern approach to security. 

Legacy DLP solutions offer organizations the ability to track data movement—but not behavioral awareness. That often results in security teams facing a constant barrage of alerts. In a recent survey, nearly 70% of security operations center professionals reported that three in every four incident alerts they investigate with their traditional DLP solutions are false positives. 

Traditional DLP solutions alone can’t solve insider threat issues because they’re designed to prevent data loss, not to identify or mitigate insider threat risks. However, modern DLP solutions offer a people-centric approach that connects the dots between people and real threats more effectively. Security teams can more efficiently gather context around a potential insider threat, reducing the time required to investigate it. And with greater insight and a better understanding of what the risk is, they can better prevent, detect and respond to insider threats.

Myth #3: ITM is up to the security team

Most organizations leave insider threat management (ITM) up to the security team. They are, after all, the team tasked with monitoring the network to detect unusual activity. But when it comes to ITM, bringing in all departments, including human resources, legal, compliance and communications, is a better strategy because it enhances the overall program.

With everyone in the loop, the security team can make the incident investigation, containment and response process more effective across the board. And with a dedicated ITM solution, they can abandon ad-hoc approaches to gathering data and instead produce detailed evidence reports to support any necessary follow-up actions.

Key takeaways

From the vast list of what constitutes an “insider” to the growing threat landscape in today’s cloud-based, mobile and remote working environment, it’s easy to see why there are so many myths and misconceptions around insider threats. What is clear, though, is that organizations need a modern approach to security to manage these threats effectively. 

Implementing a people-centric approach to security, like the Proofpoint Insider Threat Management (ITM) solution, can help your teams monitor, detect and respond to insider threat incidents before a data leak occurs.

To expand your awareness of the types of insider threats and the impact they can have on an organization, download the free Proofpoint e-book, The Top 10 Biggest and Boldest Insider Threats.
