What is it?
A hostile action against an organization performed accidentally or maliciously by individual(s) who possess intimate knowledge of, and access to, a company’s infrastructure, security, and business processes.
Why is it important?
The term is important because insider threat is one of the main causes of data exfiltration – theft of data – affecting organizations today. Insider threats can cause grave damage to an organization’s finances and reputation.
Why does a business professional need to know this?
As organizations try to gain application and infrastructure efficiencies with cloud and virtualization technologies, they are flattening the network, eliminating system silos, and connecting systems company wide. This has led to more and more people having broad, privileged access to company data and resources.
With increased access comes a greater potential for abuse, both malicious and accidental. Business professionals must ensure that proper security controls are in place to ensure that permissions are used appropriately.
Two critical security controls are training and employee monitoring:
- A robust security training and threat awareness program helps reduce the success of phishing and social engineering attacks by helping employees learn how to avoid accidentally releasing privileged user information to outside malicious actors.
- Behavioral monitoring software can track employee behavior on the network and detect actions that appear to be unauthorized, suspicious, or malicious. Such software can often prevent such activity in real time, by logging questionable activities and notifying the appropriate stakeholders of suspicious employee actions.
Insiders have different motivations, including financial, competitive, nationalist, or even simply a desire to cause mischief or chaos. Verizon’s Data Breach Digest describes a variety of case studies, including one where an insider stole more than 500,000 British pounds by manipulating a banking system to redirect money to offshore accounts.