Businesses focus heavily on securing their walls against external threats. But threats can take down your business from the inside, too. They’re easy to miss because companies don’t consider employees, vendors or partners as threats.
Disgruntled employees account for 80% of reported insider attacks, according to the 2023 Insider Threats Survey from software services platform Capterra. The survey also found insider fraud costs companies an average of $262,138 and takes around five months to uncover.
Promoting insider threat awareness
Insider threats continue to rise. To help spread awareness, the government established National Insider Threat Awareness Month (NITAM) in September 2019. This annual initiative promotes awareness about the damage insider threats can cause to private businesses and infrastructure.
NITAM defines an insider threat as someone who uses their authorized access to intentionally or unintentionally harm their employer. The Capterra survey broke down the types of damage insider threat actors commit:
- Data theft: 38%
- Misappropriation of assets: 32%
- Disclosure of trade secrets: 30%
- Reputation sabotage: 27%
- Fraud: 23%
- System sabotage: 20%
NITAM also includes nonmalicious employee behaviors that lead to data breaches. An example would be falling for a phishing scam.
And insider threats aren’t just online. Some insiders are professional dumpster divers who retrieve data you’ve tossed and sell it for profit. Your discarded data could include trade secrets and client information.
Insiders in the news
Here are some examples of real insider threats, as reported by the tech news site BleepingComputer:
Employee extorts employer. Following a confirmed threat by a ransomware gang against his employer, an IT employee impersonated the cybergang that initially exploited the company. The IT employee used his security clearance to access and modify the gang’s original email to the CEO. He changed the gang’s cryptocurrency account numbers to his cryptocurrency account, making it seem like the gang would get the ransom. He also created an email address nearly identical to the cybergang’s to continue the charade and pressure his employer for the ransom payment.
The company refused to pay. Instead, they hired cybercrime investigators, who exposed the IT employee’s scam. He got three years in prison.
Deleted accounts. In an act of revenge, an IT consultant hacked his former employer’s network and deleted most of the operational cloud accounts. The cyberattack halted the company’s operations for two days, costing the company over $560,000 in recovery expenses. He was fined and sentenced to two years in prison.
Things you can do to prevent insider threats
Protecting your business is about fostering a security-first culture, educating your team about cybersecurity and maintaining strict access controls. Try these tips to get started:
- Enact strict controls. Keep an eye on who has access to what data within your organization. Employees who don’t need access to particular information for their job shouldn’t have it. Doing this reduces the opportunity for data mishaps.
- Audit activity. Regularly review user and data access logs to identify unusual activity. Frequent unauthorized access attempts or increased data transfers are red flags.
- Monitor behavior. Look for unexplained severe changes in an employee’s behavior. For example, a typically conscientious employee who starts violating company policies or working unusual hours could be concerning.
- Encourage reporting without fear of retaliation. Have a way for employees to report anything unusual.
- Establish clear IT policies. Ensure every employee understands the company’s data and system use procedures.
- Train employees. Educate employees on the latest cyber threats and scams. Teach them how to identify and prevent security breaches. This includes wearing badges and following security door procedures to prevent unauthorized entry.
- Create an incident response plan. A clear strategy helps you act swiftly and decisively to limit the damage.
- Secure physical assets. Not all insider threats are digital. Secure and monitor your documents and hardware.
- Screen employees. Conduct background and security checks for all employees, especially those with access to sensitive company data.
- Offboard employees. Deactivate employee accounts and access badges after their employment ends.
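The "audit activity" and "offboard employees" tips above can be turned into a simple review of access logs. The script below is an added example, not part of the original article; the log format, the per-user transfer baselines, the thresholds and the user names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log records for one day: (user, action, result, bytes_out).
# "action" is "login", "read" or "export"; "result" is "ok" or "denied".
LOG = [
    ("alice", "read", "ok", 1_200),
    ("alice", "export", "ok", 2_000_000),
    ("bob", "read", "denied", 0),
    ("bob", "read", "denied", 0),
    ("bob", "read", "denied", 0),
    ("bob", "read", "denied", 0),
    ("carol", "export", "ok", 900_000_000),
    ("dave", "login", "ok", 0),
]

# Constructed: each user's normal daily export volume (bytes) from prior weeks,
# and the accounts whose owners have left and should already be deactivated.
BASELINE = {"alice": 1_500_000, "bob": 100_000, "carol": 5_000_000}
OFFBOARDED = {"dave"}

DENIED_LIMIT = 3          # more denials than this in the window is a red flag
TRANSFER_MULTIPLIER = 10  # exports above 10x a user's baseline are a red flag


def audit(log, baseline, offboarded, denied_limit=DENIED_LIMIT,
          multiplier=TRANSFER_MULTIPLIER):
    """Return sorted (user, reason) findings for one log window."""
    denials = defaultdict(int)
    exported = defaultdict(int)
    findings = set()
    for user, action, result, nbytes in log:
        if user in offboarded:          # account should not be active at all
            findings.add((user, "activity from offboarded account"))
        if result == "denied":
            denials[user] += 1
        if action == "export" and result == "ok":
            exported[user] += nbytes
    for user, n in denials.items():
        if n > denied_limit:
            findings.add((user, f"{n} unauthorized access attempts"))
    for user, total in exported.items():
        # A user with no baseline is flagged on any export so someone reviews it.
        limit = baseline.get(user, 0) * multiplier
        if total > limit:
            findings.add((user, f"transferred {total} bytes, limit {limit}"))
    return sorted(findings)


if __name__ == "__main__":
    for user, reason in audit(LOG, BASELINE, OFFBOARDED):
        print(f"{user}: {reason}")
```

Real deployments would feed this from the identity provider and file-server logs and tune the thresholds per role, but the three checks are the ones the tips describe.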
Insurance is part of an insider threat response plan
General liability and business owner's policies don't cover employee crimes or cyberattacks. You'll need added protection.
Cyber liability insurance provides a safety net if you have a data breach or cyberattack. It covers the costs of data restoration, credit monitoring services, forensic investigations and public relations. Some policies cover ransom payments, but not all. When considering a cyber liability policy, it’s important to understand what it covers.
Employee crime and theft insurance is equally important. It protects your company against financial losses from an employee’s fraudulent or dishonest activities. General liability won’t help if your employees, contractors or partners are involved.
Directors and officers insurance can help if your stockholders or clients sue your company’s board or executives.
Insurance coverage can help get your business back on track after an incident. Call your insurance agent for a quote.
Getting started on a plan
Here are some resources to protect your business against insider threats:
- Promote NITAM’s insider threat education resources.
- Create an insider threat response program. The Cybersecurity & Infrastructure Security Agency’s Insider Threat Mitigation Guide has planning information for businesses of all sizes.
- Train your employees on how to recognize and avoid threats. The Center for Development of Security Excellence has free cybersecurity training, toolkits and videos.
- Use the Department of Homeland Security’s website to report threat incidents.
Insider threats might seem like something from the pages of a spy novel. They’re not. NITAM is a great time to evaluate and prepare. Stay vigilant, stay informed and keep your business safe!