An Insider Threat is a person or group of persons within an organization who pose a potential risk of harm to a company. That harm can be in the form of a security breach, the theft of intellectual property, or even damage to a company’s brand through accidental exposure of sensitive information. These threats can originate from employees, contractors, business partners, or even internal accounts that have been breached.
Insider threats are realized when an internal threat actor exploits their inside knowledge of, or access to, an entity's security program, computer systems, services, products, facilities, or critical data and uses that knowledge or access to cause harm.
It is important to remember that not all insider threats are malicious. Some compromises occur due to insider accidents, such as publishing a website without appropriate content controls or permission restrictions, which leads to data being accidentally exposed to the Internet.
How big of a problem are Insider Threats? The Statistics please…
In 2019, the Verizon Data Breach Incident Report (DBIR) reported that 28% of compromised networks were due to insider threats (made up of malicious insiders and accidental errors).
What does this mean for your SMB?
SMBs are at risk of insider threats just like any other business with a large amount of critical and sensitive data. The important message for an SMB is to train employees to watch for the signs of "strange behaviors" that some internal employees may display while committing crimes against your company. Train your staff on insider threats, and if they see something, train them to say something to a manager or senior leader. Additionally, employ these methods to reduce insider threat risks to your business, whether accidental or intentional:
- Implement the principle of least privilege;
- Limit who has access to critical and sensitive files following the principle of need to know;
- Implement Data Loss Prevention technologies on your email systems to spot critical and sensitive data leaving your business;
- Train employees on the security basics, including malicious and accidental insider threats; and
- Have a strong off-boarding process to remove all access for departing employees.
Related Terms: Accidental Insider Threat, Malicious Insider Threat, Outsider Threat
Source: CNSSI 4009; NIAC Final Report and Recommendations on the Insider Threat to Critical Infrastructure, 2008