Welcome to our two-part series about security awareness training for insider threats. To lay the foundation, it’s important that everyone on your team has a basic understanding of insider threats. They are an often-misunderstood category of cybersecurity threat (more on that later).
In this post, we’ll focus on how to communicate the basics of insider threats to your team. This means defining insider threats and why they’re so relevant right now.
Help your team understand insider threats
An insider could be anyone who is close to the organization. That means an employee, contractor, or partner. Insider threats stem from the misuse of authorized access to critical information or systems.
Most people believe that insider threats are always malicious. News headlines most often focus on sensational stories, such as undercover corporate spies. In reality, 62 percent of insiders accidentally cause incidents. For example, they may mistakenly share a document with the wrong email address via a cloud service. Or, they might accidentally click on a phishing link. Some insiders (22 percent) are compromised, which means they are victims of credential theft. Only 14 percent of insiders intentionally cause incidents.
Key takeaway: These stats will vary some in each organization depending on your employee churn, workforce pressures, social engineering risks, third-party dependence and location risks of the workforce. That is even more reason to educate your workforce around the organization’s risks with security awareness training. Many insider incidents are preventable. Since insider threats are so unique, train employees on best practices and how to distinguish an insider threat. A good insider threat management program aligns security awareness with other defenses (such as protection, detection, response and recovery).
Answer why employees should care now
The pandemic has resulted in big changes for most organizations. Some of these changes have increased the risk for insider threats. For example, many teams are distributed and working remotely. It’s uncertain exactly how and when people will return to a traditional office setting. Not to mention, organizations are relying on fewer resources to get the job done.
This means third-party contractors and vendors may be in the mix more often. These groups may not have an intimate understanding of your security policies. They may also be unaware of what’s on your approved technologies list. Many follow their own security policies, which may be different than what your organization requires. Trusted third parties need to understand security awareness just as much as employees do.
Remote work has also made employees rely more on technology for collaboration and productivity. Teams may not know which of these new tools fit into cybersecurity policies. This increases the chances of data loss, especially from insider mistakes.
Key takeaway: Security teams have an important role in communicating the “why” behind any insider threat and security awareness training program. Explain why understanding insider threats matters more now than ever before. Make it memorable to your team by using language unique to your organization. Telling a story or using an example will often resonate with your audience more than just theories.
For example, imagine a peer organization was recently featured in the news because of an insider threat caused by a third-party contractor. Discussing the incident, your organization’s security measures and response mechanisms with your employees in multiple forums (company meetings, email and department meetings) may help them understand the importance of maintaining a strong third-party risk management and security culture.
Understanding insider threat types
Now that your team knows the basics, it’s time to drill into detail on insider threat types. Our next post in this series will help you explain to employees how insider threat incidents happen. This will empower them to prevent accidental incidents, and know how to escalate an intentional insider threat if they see one.
Subscribe to the Proofpoint Blog