In 2021, an employee with the Dallas Police Department deleted nearly nine million files because they “didn’t have enough training in properly moving files from cloud storage” and failed to first verify the existence of back-up copies. While no malicious activity took place, the incident led to a massive data leak and even slowed down prosecutions. Internal or “insider” threats like this—whether accidental or intentional in nature—are one of the most overlooked risks for today’s organizations. According to one report, over half of organizations experienced an insider threat last year! Here, we look at what your team needs to know about insider threats—and how you can prevent them.
What are insider threats?
The Cybersecurity & Infrastructure Security Agency (CISA) defines an insider threat as the “threat that an insider will use their authorized access, intentionally or unintentionally, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems.” Insider threats can stem from anyone who has a connection with your business, including employees, consultants, or even non-affiliated persons whom you simply trust. Even someone with a badge or physical access (like a custodian or repair person) can present an insider threat.
It can be challenging to identify an insider threat because it often stems from basic employee recklessness, carelessness, or poor training. However, an insider threat can also be an intentional and malicious act on the part of a disgruntled employee.
If you’re worried about the risk of a damaging internal threat at your organization, you’re not alone. According to the 2023 Insider Threat Report, only 3% of security professionals are not concerned with insider threats.
Indicators of Insider Threats
It’s important for your team to keep an eye out for indicators of an insider threat. Failure to do so can lead to significant damage. For example, an insider security breach at Marriott affected nearly 400 million hotel guests and incurred an £18.4 million fine. You need to be able to spot an insider threat and respond quickly. Here’s how you do that:
Stressed Workers: According to the State of the Global Workplace 2023 report, employee stress levels are at an all-time high. Busy, stressed, uninformed, or poorly trained employees are all capable of accidentally clicking on malicious emails, setting poor passwords, or mistyping an email address. Prevent an unintentional insider threat with a strong and automatic defense that takes the onus off your stressed employees. Make sure your anti-virus software is up to date and monitor for patches, and invest in proper employee training on cybersecurity basics.
Watch for Behavior Changes: Disgruntled employees can act intentionally and maliciously against your firm, leading to a damaging insider attack. Work with your HR and leadership team to listen for verbal dissatisfaction from workers complaining about anything from wages to schedules to feeling pressure to meet unrealistic expectations. Another concerning behavior is if someone suddenly makes drastic changes to their time off. Attitude and schedule changes may signal someone is at higher risk of being an insider threat.
Thwart Unauthorized Access Attempts: Another thing to watch for is if an employee or vendor continually attempts to access applications that they are not authorized to access, which could indicate early attempts at an insider attack. To prevent this, institute strong access privilege rules and only grant access to the people who need it.
Monitor Unusual Logins: Keep an eye on how your employees are logging into different systems. Remote logins or logging in from unusual locations or during odd hours could be a sign of trouble. Also watch for what people are logging in with. If your authentication logs show numerous and unexplained occurrences of someone trying to log in with usernames like “test” or “admin”, this could be another red flag.
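The access and login indicators above can be checked automatically against authentication logs. The following is an added example, not code from N8 Solutions or any product: the log format, the working-hours window, and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample events (assumed format: ISO time, user, source, app, result)
SAMPLE_LOG = """\
2024-03-04T09:12:00 jsmith 10.0.0.5 payroll DENIED
2024-03-04T09:13:10 jsmith 10.0.0.5 payroll DENIED
2024-03-04T09:15:42 jsmith 10.0.0.5 payroll DENIED
2024-03-04T10:01:00 alee 10.0.0.9 crm OK
2024-03-05T02:47:00 alee 203.0.113.7 crm OK
2024-03-05T11:00:00 admin 10.0.0.22 vpn FAILED
2024-03-05T11:00:05 test 10.0.0.22 vpn FAILED
2024-03-05T11:00:09 admin 10.0.0.22 vpn FAILED
"""

GENERIC_USERS = {"test", "admin"}  # usernames the article calls out
WORK_HOURS = range(7, 19)          # assumed working day, 07:00-18:59 local time
DENIED_THRESHOLD = 3               # assumed: 3+ denials on one app counts as "continual"
GENERIC_THRESHOLD = 3              # assumed: 3+ generic-name attempts from one source

def parse(log_text):
    """Yield (timestamp, user, source, app, result) for each non-empty line."""
    for line in log_text.splitlines():
        if line.strip():
            ts, user, source, app, result = line.split()
            yield datetime.fromisoformat(ts), user, source, app, result

def find_indicators(log_text):
    """Return (kind, subject, detail) tuples for the three indicators."""
    denied, generic, findings = Counter(), Counter(), []
    for ts, user, source, app, result in parse(log_text):
        if result == "DENIED":                       # authenticated but not authorized
            denied[(user, app)] += 1
        if user.lower() in GENERIC_USERS and result != "OK":
            generic[source] += 1                     # group by where attempts come from
        if result == "OK" and ts.hour not in WORK_HOURS:
            findings.append(("odd_hours_login", user, f"{ts:%Y-%m-%d %H:%M} from {source}"))
    for (user, app), n in denied.items():
        if n >= DENIED_THRESHOLD:
            findings.append(("repeated_denied_access", user, f"{n} denials on {app}"))
    for source, n in generic.items():
        if n >= GENERIC_THRESHOLD:
            findings.append(("generic_username_attempts", source, f"{n} attempts"))
    return findings

if __name__ == "__main__":
    for kind, subject, detail in find_indicators(SAMPLE_LOG):
        print(f"{kind:28} {subject:14} {detail}")
```

Findings like these are leads for review rather than proof of intent; tune the thresholds and working hours to your own environment before alerting on them.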
Prevent an Insider Threat
By their nature, insider threats can be tough to spot. The best defense is to take preventative measures that mitigate your risk before an incident occurs. For example, the Dallas Police Department’s insider incident could have been prevented or minimized with data monitoring technology, regular backups, and employee training.
A great place to start is with a risk assessment of your firm and technology infrastructure. At N8 Solutions, we offer a free IT assessment and audit to help you identify your vulnerabilities and strengthen your cybersecurity operations against both internal and external threats, from implementing the latest security software to customized employee training. If you have remote workers, another recommended preventative measure is to invest in an employee monitoring solution.
Don’t let your team be the source of your next breach! Please get in touch with us today to schedule your free assessment.