Why Insider Threats Remain The “Wild Card” In Cybersecurity

In today's cybersecurity landscape, insider threats have emerged as one of the most unpredictable and damaging risks organisations face. Coming from within the entity, these risks may stem from current or former employees, contractors, or business partners who have, or have had, authorised access to the organisation's systems, networks and sensitive data. 

The data paints a sobering picture: the past two years alone have seen a 44% surge in insider threat incidents, with the average cost of each incident reaching an eye-watering $15.38 million.

More alarmingly, between 2019 and 2024, the number of organizations reporting insider incidents has grown from 66% to 76% – that's nearly three-quarters of all organisations grappling with this issue.

Understanding The Insider Threat Landscape

Insider threats generally fall into three distinct categories:

  • Malicious Insiders: Individuals who intentionally misuse their access for personal gain or to inflict harm on the organization.
  • Negligent Insiders: Those who inadvertently compromise security through carelessness or lack of awareness.
  • Compromised Insiders: Individuals who have been coerced or manipulated by external actors into actions that jeopardise the organisation that employs them. 

Each of these profiles presents unique challenges, but all contribute to the increasingly complex and dangerous threat landscape.

So, what should organisations be on the look-out for when it comes to insider threats?

Statistics reveal some concerning trends. A significant 38% of employees involved in dishonest behaviour have been with their organisation for less than a year, suggesting a higher risk-taking propensity early in employment. Further, 75% of those recorded for unlawful data acquisition or disclosure have been employed for under five years.

These findings underscore the need for enhanced onboarding processes, robust internal controls, and proactive intervention strategies.

However, longer-term employees are not exempt from risk. A striking 80% of those involved in bribery have been with their organisation for over ten years. This could be triggered by personal grievances, a sudden change in financial or personal circumstances or simply disillusionment with the company direction. 

The most important takeaway here is that there is not a ‘type’.  As such, detecting insider threats is a real challenge but there are several factors that organisations should consider a red flag and monitor closely. 

The first is unauthorised or suspicious data access and handling; this includes accessing sensitive information or systems without a legitimate need-to-know. Downloading copying, or transferring large amounts of data, attempting to bypass security controls or access restrictions and the unauthorised use of removable media or external storage devices should also be considered unusual and a potential security risk.

The next category is information technology misuse, such as installing unauthorised software, exhibiting unusual network activity, excessively using personal email or cloud storage for work, or experiencing frequent password resets or account lockouts.

Other categories include disgruntled or disruptive behaviour from staff, suspicious communications – perhaps with foreign entities or competitors, the use of encrypted or anonymous communication channels or even attempts to circumvent communication monitoring or surveillance systems.

Personal or financial issues are also something to look out for. Sudden or significant changes in lifestyle or spending habits, involvement in illegal activities or substance abuse, financial difficulties such as debt or gambling problems can all increase an individual’s risk profile.

How To Manage Insider Risk

Managing insider risk effectively requires a holistic approach. The employee lifecycle—starting from hiring practices to the working environment, training programs, and leadership quality—can significantly influence the likelihood of insider threats. Organisations should ask themselves - are we hiring the right employees? Are we providing adequate training? Does the organisation's culture encourage ethical behaviour, or does it create an environment where malicious actions thrive?

Collaboration between HR and IT is critical in reducing insider risk because it combines the strengths of both departments to create a comprehensive approach to security. 

Training is a critical component of insider threat management. Organisations must align security training with company culture, set clear expectations for both leaders and employees, and conduct regular training sessions to reinforce the importance of cybersecurity. Encouraging preferred employee behaviours and setting a positive tone from the top can go a long way in preventing insider threats.

On the technical front, solutions like Data Loss Prevention (DLP), User Activity Monitoring (UAM), and User and Entity Behaviour Analytics (UEBA) play a vital role in identifying potential risks before they escalate. Combining these tools with high-quality data can provide organisations with a comprehensive view of user activity, helping to detect anomalies and unauthorised behaviour in real time.

We should also remember that insiders are not always acting alone. External actors, such as hackers, can exploit weak security practices or vulnerabilities to turn outsiders into insiders. Poor cybersecurity hygiene significantly amplifies the potential for destruction, with organisations that maintain strong security practices experiencing 35 times fewer destructive ransomware events. 

Insider threats are a formidable challenge for organisations and their cybersecurity. However, with the right strategies in place and by adopting a proactive, multifaceted approach, the risk and impact of these “wild card” threats can be reduced. 

By combining their expertise and resources, HR and IT can create a powerful synergy that significantly reduces insider risk. The HR department has deep insights into employee behaviour, motivations, and potential vulnerabilities. This knowledge can help IT Security teams identify early warning signs of potential insider threats and tailor security measures accordingly. In addition, HR policies and practices can significantly influence the likelihood of insider threats.

By working together, HR and IT can develop policies and procedures that foster a culture of security, promote ethical behaviour, and discourage risky actions.

Miguel Clarke is  GRC and Cyber Security lead for Armor

Image: Ideogram 

You Might Also Read:

Imminent New SEC Cyber Security Rules:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Google Invests In U.S. Education With 15 New Cybersecurity Clinics
British Government Minister Predicts Russia Will Step Up Cyber Attacks  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Fredda Stanza

Fredda Stanza

Fredda Stanza specialize in Information Security and Forensics Consulting.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

Insta Group

Insta Group

Insta are a trusted cyber security partner for security-critical companies and organizations.

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

CryptoDATA

CryptoDATA

CryptoDATA develops products and services based on Blockchain technology, that ensure user security and data encryption, applicable in various fields.

Data Pie Cybersecurity

Data Pie Cybersecurity

The Data Pie Cybersecurity Consulting offers a 360° around protection for your IT security. Security awareness solutions and consulting.

StrongBox IT

StrongBox IT

Strongbox IT provides solutions to secure web applications and infrastructure.

ClearSky Cyber Security

ClearSky Cyber Security

ClearSky cyber security provides cyber solutions, focused on threat intelligence services, mainly for the financial sector, critical infrastructure, public sector and the pharma sector.

Custom Computer Specialist (CCS)

Custom Computer Specialist (CCS)

CCS offers an extensive range of services including cybersecurity solutions, consulting, implementation, and support to help our clients maximize the value derived from IT investments.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.

Oxford Information Labs (OXIL)

Oxford Information Labs (OXIL)

Oxford Information Labs brings together world-class software programmers and policy experts to provide a unique mix of expertise and hands on technical solutions.