The National Security Agency, The Office of Personnel Development, Barclays Bank, Target Stores. What do these organizations have in common? For one thing, they’ve all experienced some of the most publicized examples of insider threats, which, according to 2015 data by the Ponemon Institute, is costing organizations an average of $144,000 per incident (with a high of $4 million!) and as well as significant long-term damage to their organization’s reputation.
What exactly is an insider threat? Is it something that every company should worry about? The answer is a resounding yes. No matter the size of the organization, studies indicate that your data and intellectual property can and will at some point be stolen by someone inside your own walls. External cyber threats are definitely not your only problem.
According to the Insider Threat Spotlight Report, a study conducted this summer by LinkedIn’s Security Community and Crowd Research Partners, 56 percent of security professionals say insider threats have become more frequent in the last 12 months. In addition, while 74 percent of organizations feel vulnerable to insider threats, less than half of organizations have appropriate controls in place to prevent them.
Let’s start with who an insider is. The Merriam Webster Dictionary defines an insider as “a person who belongs to a group or organization and has special knowledge about it” and “a person who is in a position of power or has access to confidential information.”
Every employee is an insider. Some, because of their position or access to confidential information, are a higher risk than others. Unfortunately, even long-term trusted employees can become insiders.
Taking this a step further, according to eWeek, the CERT Insider Threat Center at Carnegie Mellon’s Software Engineering Institute (SEI) defines an “insider threat” as “a current or former employee, contractor or other business partner who has or had authorized access to an organization’s network, system or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity or availability of the organization’s information or information systems.”
So what’s the motive? Why would an employee decide to steal your data or intellectual property? There is a market for stolen data, with healthcare, financial and personal data at the top, as well as intellectual property – paying anywhere from 1 cent to $1,000 per record – so there is definitely a financial motive. Some employees steal information to sell to competitors. Some steal to personally benefit by starting their own companies or to bring with them to a new job. Some incidents are caused by disgruntled employees and some happen simple because the organization hasn’t educated them on what does and does not belong to them, so they inadvertently take it with them or share it outside their organization. Whatever the reason, it could cost you a lot of time and money trying to mitigate the situation once it happens
So, how do you prevent such incidents from happening to you? A few steps can be taken to stay ahead of the threat. It first starts by establishing an insider threat task force comprised of InfoSec, IT, Human Resources and your legal team. Together, this task force can work together to:
– Assign a risk level to each employee. How much access to company data does each have/asses the potential for damage.
– Implement a user behavior and activity monitoring solution. This helps you detect and respond to any potential insider activity.
– Create and implement a fast and direct response when unusual activity is detected.
With insider threats growing rapidly, be sure your organization has a strategic plan in place to detect and respond to these types of attacks.