For many IT experts, one of today’s top cybersecurity concerns is the risk of insider threats. In fact, it was No. 4 on our list of the top cybersecurity threats of 2022. While you might think that an insider threat almost always features a malicious actor – someone who deliberately tries to steal data or bring down the corporate network – the truth is that most insider threats are associated with employees whose actions have unintentional consequences.
With the average cost of a breach now estimated at $4.62 million, according to IBM’s Cost of a Data Breach Report 2021, the consequences – whether intended or accidental – are severe. It’s not just the financial cost, either. Data breaches can result in “government fines, penalties, and, in extreme circumstances, jail time,” according to Iron Mountain, a global business dedicated to storing, protecting, and managing information and assets.
For instance, in the last five years, some notable organizations have been hit with massive fines because of data breaches, including:
- Equifax: $575 million
- Uber: $148 million
- Capital One: $80 million
- British Airways: $26 million
- Marriott: $24 million
- MD Anderson Cancer Center: $4.3 million
Here, then, are the insider threats you need to guard against in 2022.
1. Malicious Insiders
In 2019, Garrett Popcorn Shops, a Chicago icon, filed a lawsuit against Aisha Putnam, the company’s former director of research and development, alleging she downloaded more than 5,000 company files onto a USB flash drive. These files included recipes, formulas, and ingredients for the company’s product offerings.
Malicious insiders are bad actors – including employees, contractors, and other trusted third parties – who intentionally steal data or infect the company’s network with viruses or malware. They are usually motivated by money and steal company trade secrets and data knowing they can sell the information to competitors, sell it on the dark web, or use it themselves.
How to stop malicious insiders: Be on the lookout for disgruntled, frustrated, or unhappy employees. In today’s work-from-home environment, this is easier said than done, as the COVID-19 pandemic has made it harder to identify malicious insiders.
2. Accidental Insiders
Although malicious insiders can wreak havoc on an organization, these threats are relatively rare. Currently, less than 20% of breaches are inside jobs, according to the Society of Human Resources Management, meaning that more than 80% of insider threats are the result of accidental acts of employees, vendors, and other third parties.
Accidental insiders are those who accidentally compromise company data, as was the case with insurance software developer Vertafore. In 2020, the company experienced a data breach affecting 27.7 million Texas drivers when a company employee inadvertently stored data files on an unsecured external storage service.
How to stop accidental insiders: Implement a policy that prohibits the use of portable media. In addition, lock all computer ports so that external devices cannot be connected to network computers.
3. Unaware Insiders
The unaware insider is the employee who doesn’t understand, appreciate, or care about the risk of cybersecurity threats. These employees are susceptible to phishing scams, which have increased significantly during the pandemic and continue to be a serious threat to companies of all sizes.
One of the most notable phishing scams cost Austrian aerospace parts manufacturer FACC $61 million when a hacker posed as the CEO and sent a phishing email to an entry-level employee in accounting. This employee then transferred funds to an account for a fake project. FACC subsequently fired its CEO and CFO for not doing enough to protect the company and has since filed a lawsuit against both individuals for failure to establish adequate internal controls.
How to stop unaware insiders: A 2021 TalentLMS study found that 61% of employees failed a basic cybersecurity quiz. Awareness starts with training.
4. Sloppy Insiders
In at least three separate incidents, an employee with the City of Dallas unknowingly deleted 22 TB of information, including police case notes, photos, and videos. The employee, who was subsequently fired, failed to follow the organization’s procedures while transferring files in what the city called “a pattern of error.”
Unfortunately, some employees are just sloppy when it comes to protecting corporate data. It’s not just about following policies and procedures, either. For instance, two of the most popular passwords continue to be “password” and “123456,” and 35% of people never change their passwords – even after they are notified of a data breach. This level of digital sloppiness is like unlocking your front door and inviting in the bad actors.
How to stop sloppy insiders: Be vigilant about assessing employees’ attention to detail. There’s a good chance that if they are sloppy in their day-to-day assignments, then they likely pose an insider cybersecurity threat, too.