The Anatomy of an Insider Threat – Infosecurity Magazine

Insider threats are on the rise. The World Economic Forum named malicious insider activity one of the top three concerns for cyber leaders. This supports what many cybersecurity and information governance experts have long expressed: that internal threats are just as critical as external ones. Unfortunately, organizations are often less prepared to mitigate insider threats than they are for the more prominent, publicized external variety.

Insider threats occur from within the enterprise, either through unintentional mistakes or due to malicious insiders looking to steal or leak corporate data for a personal agenda.

Inadvertent threats can occur when, for example, employees make a mistake such as missending an email, misconfiguring a system, or otherwise failing to keep up with a company's security requirements. Insider threat incidents rose 44% between 2020 and 2022 and reportedly cost more than US$15 million per incident.

In contrast, malicious insiders deliberately create threats. For example, our teams encountered a recent case at a fund management organization where an employee was caught stealing intellectual property. In this case, the employee wasn't sending data to a personal account or device but rather sharing and leveraging the organization's proprietary trading strategies to secure a position at a competing firm.

The organization had comprehensive security controls in place; as such, the malicious activity was detected when the employee triggered an internal warning system by printing a sensitive document. A lengthy investigation followed to uncover the full extent of the employee's activities and the scale of exposed IP. This was particularly challenging because investigators were not looking for a specific file or document. Ultimately, the investigation successfully recovered the information from the employee's systems, personal devices and the competitor's systems.

The frequency of malicious internal attacks is increasing: 67% of organizations reported between 21 and 40 incidents per year in 2022, a 60% increase in frequency reported the previous year. Fortunately, there are behavioral and contextual warning signs that security, governance and legal teams can watch for. These include:

So, how can an organization best address this reality? Organizations should begin with robust information governance, privacy and security programs supported by executive leadership and the board. Programs must be grounded in a risk-based approach and built into the foundation of systems and workflows. Companies should train employees to understand the potential risk in their actions, as well as implement monitoring and response capabilities so data breach and incident response procedures are established and maintained regularly.

Additional questions organizations should ask to determine their resilience against insider threats include:

It's impossible for prevention mechanisms to perform at 100%. That's why it is critical to put systems in place that identify threats and that can be activated immediately once a breach, data loss or IP theft incident has occurred. Everyone within the organization has a role to play and, therefore, must be equipped with the training, tools and resources needed to help keep company information safe. People are an organization's greatest insider threat risk, but with proper guidance and investment, they can also become an integral defense mechanism.
