The Million-Dollar Insider Threat: Exposed

By Eric Noonan • November 21, 2016

The threat posed by someone inside an organization is often overlooked, yet it poses the highest risk. A survey from SANS found that nearly a third of organizations have no capability to prevent or mitigate an insider attack or incident, while over a third estimated the potential loss from an insider threat to be over $1 million, before including the immeasurable damage to brand and reputation. Overall, the survey identified a positive trend: organizations are starting to recognize the risks posed by insider threats, but they are struggling to deal with them.

Recognizing the Risks

The SANS survey focused on threats posed by insiders because people inside the organization “may have unfettered access to sensitive data, as well as the means, methods, and motives to access information, virtually undetected.” The survey found a pattern of organizations correctly voicing concern about the risks posed by negligent or malicious employees but too often failing to focus on solutions.

Following that same trend, the survey determined that prevention is currently more a state of mind than a reality. More than 68% of organizations surveyed considered themselves able to prevent or mitigate an insider attack, yet over a third of organizations indicated they have still suffered actual insider incidents or attacks. Very often, the cost of these types of attacks is immeasurable damage to brand and reputation.

Identifying Types of Insider Threats

Threats from an insider often go unprevented because they go undefined. The first step towards an effective solution to the problem posed by insiders is to identify and understand the types of insider threats. CyberArk offers excellent solutions for insider threats and recently published an eBook that helps to identify these types of threats:

The Exploited Insider

  • 49% of accidental insider breaches are caused by phishing. (Source)
  • Attackers gain access to the user’s machine and capture all privileged credentials available.
  • Can also be an insider acting in response to external coercion.

The External “Insider”

  • Most organizations allow third-party vendors access to their internal networks.
  • Just like employees, these external “insiders” are also a target exploited by cyber attackers.
  • In 70% of cyber attacks with a known motive, there is a secondary victim, targeted due to their trusted access. (Source)
  • Most leading institutions have 200-300 high-risk third-party relationships. (Source)

The Malicious Insider

  • Usually the most difficult to detect. (Source)
  • Commonly have the highest potential costs. (Source)
  • 50% are current employees and 50% are former employees. (Source)

The Unintentional Insider

  • 56% of internal incidents in 2015 were attributed to the inadvertent misuse of data or an accident. (Source)
  • Do not intend to jeopardize sensitive data.
  • Risks are often introduced in attempts to increase productivity or efficiency.

Detecting and Mitigating the Threats

Excellent privileged access management practices are at the heart of detecting, preventing, and containing threats posed by insiders. Least privilege access and monitoring solutions are more crucial today than ever before, for organizations of all types and sizes.

Important solutions for securing against insider threats:

  • Privileged user access control & credential management
  • Privileged session monitoring
  • Session isolation and control
  • Granular, on-demand privileged access control
  • Behavioral analytics and threat detection

Implementing effective solutions to reduce and eliminate risk from insider threats requires detailed knowledge of the solutions available as well as how they can be most effectively applied to your unique organization. Get a free risk assessment from CyberSheath’s innovative Privileged Access Management team by clicking below, and start securing your organization from the inside out.
