What the Biggest and Boldest Insider Threat Incidents Can Teach Us

Most organizations—especially those that have experienced a recent data breach—spend significant time and resources on education around external threats and implementing solutions to mitigate them effectively. But it’s rare to see similar investment toward informing users about internal threats, which are at the root of some of the biggest data breaches reported to date.

Not all insider threats are the same, but the risks and outcomes of these threats are frequently rooted in brand damage and financial loss for organizations. So, it’s essential for users to understand insider threats—what they look like, their potential risks and consequences, and how to combat them. 

As you’ll learn later in this post, some of the recent data leaks from 2021 and 2020 that we analyzed likely could have been prevented if users had been more savvy about insider threats.

Even small missteps can lead to the largest data breaches

It’s important to note that not all insider threats are malicious. In fact, 62% of insider threats are the result of negligent insiders. Negligent insiders are often well-meaning people who accidentally leak confidential or sensitive data. 

Another type of insider threat is a compromised user who may unknowingly fall victim to credential compromise or malware that infects and takes control of their devices. Compromised insiders are typically responsible for 14% of insider threat incidents, which can cost an organization $871,000 per incident, on average. 

However, not all compromised users are unknowing victims. In fact, in a recently detected campaign, cyber criminals were emailing employees within their target organization to solicit their help in installing ransomware.

Recent data leaks in 2021 and 2020 tied to insider activity

We reviewed some of the biggest and boldest insider threats over the past two years to determine where greater education about insider threat risks could have played a valuable role in preventing these recent data breach incidents. After all, the more your organization understands insider threats and the consequences associated with them, the better you can defend against them. 

Here’s a look at five of the insider threat incidents we identified that offer some great lessons:

Customer record exposure at Microsoft

What happened: Microsoft’s decision to store customer information on unsecured servers led to the exposure of 250 million customer records over a 14-year period.

Lesson learned: Whether intentional or negligent, data loss can create significant problems for any organization, ranging from financial loss to reputation and brand damage. In this case, security and privacy practices were called into question not only for Microsoft but other large organizations, as well. 

Database exposure leads to a class-action lawsuit for Vertafore

What happened: Negligent employees at insurance software maker Vertafore exposed a Texas Department of Motor Vehicles database after storing files on an unsecured external storage service. This recent data breach incident led to a class-action lawsuit.

Lesson learned: Training employees on proper cybersecurity processes and protocols is critical for any organization. In this case, the lack of training or guidance on how to store sensitive information correctly resulted in a class-action lawsuit after sensitive personal information was exposed.

Fraudulent invoices at ConocoPhillips

What happened: A ConocoPhillips employee created fraudulent invoices to trick the oil company into paying a friend’s business more than $3 million. But this was just the start; these actions were part of a larger embezzlement scheme that totaled nearly $7.3 million.

Lesson learned: A robust insider threat management (ITM) platform can help detect and prevent supply chain risks by recognizing fraudulent invoices and requests before it’s too late.

Unauthorized access in Ellsworth County

What happened: A former employee at the Ellsworth County Rural Water District No. 1 in Kansas remotely accessed the water district’s computer system. He intentionally tampered with the disinfecting and cleaning process, risking the safety of the drinking water for the 1,500 retail customers and 10 wholesale customers across eight Kansas counties.

Lesson learned: While this incident isn’t one of the largest data breaches ever reported, the potential impact on the residents and businesses in those eight counties could have been devastating—even deadly. Monitoring remote access to any network is an essential part of a robust cybersecurity plan to ensure that only authorized users can log in. Any unauthorized user should be flagged and prevented from accessing information before they have the chance to cause damage. 
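One way to put this lesson into practice, as an added example that is not code from the original post or from any Proofpoint product: a small Python check that parses remote-access log lines and flags successful logins by offboarded accounts or by accounts that are not on a remote-access allowlist. The log format, account names, dates and IP addresses below are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample remote-access log lines (not from the original post).
# Assumed format: date time event user=<name> src=<ip> result=<outcome>
SAMPLE_LOG = """\
2021-03-27 22:14:05 vpn-login user=jdoe src=203.0.113.17 result=success
2021-03-27 22:16:41 vpn-login user=operator2 src=198.51.100.8 result=success
2021-03-27 22:20:09 vpn-login user=former_tech src=203.0.113.55 result=success
2021-03-27 22:25:33 vpn-login user=contractor9 src=192.0.2.44 result=failure
2021-03-27 22:31:02 vpn-login user=svc_backup src=192.0.2.9 result=success
"""

# Assumed inputs: accounts currently authorized for remote access, and
# accounts that have been offboarded along with their termination date.
AUTHORIZED_REMOTE = {"jdoe", "operator2"}
OFFBOARDED = {"former_tech": datetime(2021, 1, 15)}


def parse_line(line):
    """Parse one log line into a dict; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        fields = dict(p.split("=", 1) for p in parts[3:])
    except ValueError:
        return None
    return {"ts": ts, "event": parts[2], "user": fields.get("user"),
            "src": fields.get("src"), "result": fields.get("result")}


def flag_remote_logins(log_text, authorized, offboarded):
    """Return (user, reason) pairs for successful logins that should be flagged."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "success":
            continue  # only successful access is flagged here; failures are handled elsewhere
        user = ev["user"]
        if user in offboarded and ev["ts"] >= offboarded[user]:
            alerts.append((user, "login by offboarded account"))
        elif user not in authorized:
            alerts.append((user, "login by account not on remote-access allowlist"))
    return alerts


if __name__ == "__main__":
    for user, reason in flag_remote_logins(SAMPLE_LOG, AUTHORIZED_REMOTE, OFFBOARDED):
        print(f"ALERT {user}: {reason}")
```

In production the allowlist and offboarding dates would come from the identity provider or HR system rather than hard-coded sets, and the flagged events would feed an alerting pipeline.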

U.S. military leaks nuclear weapons security protocols

What happened: U.S. military personnel trying to memorize the security protocols around nuclear weapons protections unknowingly leaked a significant amount of sensitive information by using an unencrypted flashcard learning app. The information was publicly visible for eight years.

Lesson learned: Even the most well-intentioned employee can inadvertently leak sensitive information, putting the business—or, in this case, national security—at risk. Every employee should be educated and regularly reminded about cybersecurity best practices to minimize the risk of an accidental insider incident.

The big takeaway from some of the biggest data breaches: a robust ITM program is a must

Understanding insider threats plays a major role in an organization’s ability to detect, respond to and prevent them effectively. The five recent data breach examples described above show that malicious insiders aren’t the only ones who can cause brand damage or financial loss for an organization. The reality is that even well-intentioned employees can make mistakes that lead to their company earning a spot on the list of organizations that have suffered the largest data breaches.

That’s why it’s critical for organizations to have a robust ITM program that allows them to monitor how data moves so they can prevent data loss. After all, data doesn’t move by itself; people move data—and people are the greatest risk to any organization. The bottom line is that many of the recent data leaks in 2021 and 2020, as well as some of the biggest data breaches ever seen, can be traced back to malicious or negligent insiders. 

For more real-world examples of insider threats and additional valuable lessons learned, read the Proofpoint e-book, The Top 10 Biggest and Boldest Insider Threat Incidents of 2020-2021.