Two trends in recent years are combining to exacerbate insider threat risks at companies. First, companies continue to foster cultures of openness and collaboration that often run contrary to the needs of a security-oriented mindset. Second, the mainstreaming of hybrid work has made companies’ control over data and device usage during work more tenuous.

Addressing insider threats

We’ve seen repeatedly that companies have the tools, structural choices, and decision-making power across their organisation to combat insider threats. But those tools and processes often exist in silos, preventing CSOs and CISOs alike from seeing the full picture, and thus causing important signals to go unnoticed or, worse, missed.

Over the next year, we’ll see increased collaboration and cooperation among CSOs and CISOs and their teams to join forces and take down arguably their common number one enemy: insider threats.

How significant is the problem?

If we have learned one important thing in the last several years, it is this: to properly conduct an insider threat investigation, one must be radically focused on recognising the convergence of cyber-physical security risk indicators, and therefore no stone can go unturned.

In discussions I’ve had with leaders in the human resources (HR), legal, cybersecurity, and IT and security departments of major corporations, there’s a growing awareness of insider threat risks. Statistics help bear that out.

Cybersecurity threat risk

The cost of a cyber insider threat attack rose from $11.4 million in 2020 to $15.3 million in 2022, according to research from the Ponemon Institute, which focuses on cybersecurity. And it often takes months for these schemes to be detected.

What is the main driver of risk from insider threat? Fraud and intellectual property theft are often motivators for an insider acting out, according to data cited by the Cybersecurity and Infrastructure Security Agency.

Exploiting security weakness

It’s not surprising that banking and financial services organisations are near the top of the list when it comes to being at risk of insider threats. Additionally, theft of IP accounted for more than 20% of insider threats at healthcare organisations, while sabotage made up more than half of insider incidents at IT organisations.

Another important risk that cannot be ignored is the protection of critical infrastructure and the collateral damage associated with those types of attacks. They are not only debilitating, but the actors are also often much more sophisticated, and will often exploit the security weakness of an honest employee or contractor to gain access to the organisation.

Encouraging cooperation

Insider threat prevention requires cooperation. In theory, it’s everyone’s job. In practice, individual teams have mission-focused tunnel vision which often prevents them from working together more effectively.

Example 1

I’ll give you an example. One indicator of an insider threat is employee disengagement. The opposite is also true. Employees engaged in ongoing fraud often skip vacations and sick days, fearing that the colleague assuming their duties will uncover their theft. These are concerns for HR and audit functions.

How likely is it that HR is going to discuss with the security team that someone has skipped vacation for several years running, or that another person has suddenly started turning in a sub-par work product?

Example 2

Another example: an employee on a performance improvement plan suddenly begins downloading large amounts of data, sometimes circumventing document handling controls.

Is the cybersecurity team familiar enough with that employee’s duties to know that this behaviour is unusual?

Utilising technology

My point is that in case after case of an insider threat incident, it’s quite common for an organisation to have missed several opportunities to identify risks because teams aren’t disseminating information efficiently, even though they may already have the tools to uncover indicators of compromise.

Executives are starting to realise that technology can help manage these threats and help get people on the same page. Technology needs to be supported by training and education so that everyone knows what to look out for and better understands the nuanced indicators of risk. Only teamwork can bridge the gap.

Author profile

Thomas (Tom) Kopecky President & Chief Strategy Officer, Ontic Technologies
