Protecting your business from insider threat

Glynn Barnard | Last updated on August 17, 2022 | 4 minute read

It’s safe to say that in today’s cloud-operated world, most people are aware of the basics of cybersecurity. We’ve all heard that the rise of remote work has sparked a remarkable 600% increase in cybercrime, or that a new attack occurs every 36 seconds, or that cybercriminals are increasingly targeting small to midsize businesses, or plenty of other terrifying statistics.

Your business has deployed layered technical defenses like firewalls, antivirus, and email filters. You use a VPN when traveling or accessing sensitive data, enforce MFA policies, and use a password manager. You have everything covered, and your data is safe, right? 

Well, it’s a good start, and while most businesses are aware of external threats posed by hackers and other malicious outsiders, there is usually little thought or concern about trusted insiders.

Your employees are already inside your protected perimeter, bypassing a lot of the defenses you have deployed. What’s more, your employees use authorized accounts with access to some of your most critical data as part of their daily role at the company. Therefore, insider threats can present a huge security risk, as the data your employees have access to is significantly more accessible (and easier to steal) than the data a hacker or malicious actor could gain access to. It’s not paranoid to consider the possibility that as your company grows, you’ll need to grow its security culture to include insider threats.  

Insider threats have consequences

Data illegally accessed or leaked by employees often have devastating consequences. For example, in 2020, an ex-Cisco employee maliciously deleted virtual machines on WebEx. He caused over 16,000 clients to be offline for up to two weeks, costing Cisco $2.4 million USD in refunds and repair work. 

While this is, of course, an extreme example, it illustrates the unique danger of an employee with insider access to sensitive or mission-critical data. 

Types of insider threats

Not all bad actors are created equal. There is a difference, for example, between an individual purposefully crashing their car into your house and a driver losing control. 

The malicious insider

This is the employee who intentionally steals, tampers with, or destroys data. This can be done for financial gain but can just as easily be done by a disgruntled employee who wishes to cause pain to their employer due to some perceived slight.

Freelancers, contractors, and other individuals with access to sensitive data also present malicious insider risk. Ensure that all workers, whether contractors, freelancers, or full-time employees, follow the least access principle (also known as the principle of least privilege), where workers only have access to the data they need to perform their duties.

The negligent insider

While malicious insiders make for better spy movies, the vastly more common threat is from negligent insiders. This is your everyday ordinary user going about their daily tasks who makes a mistake, takes shortcuts for convenience, or falls victim to a phishing email causing a malware infection resulting in data loss.

Good old-fashioned human error causes more data loss than you might think: human error is actually the number one reported cause of downtime and outages. 90% of data breach incidents are estimated to be due to “the human factor”.

Mitigating insider threats

Beyond the technical and physical security controls that an organization can implement, it is also important to ensure that the proper administrative controls are in place. These should include proper employee screening, appropriate policies that are enforced and monitored, and most importantly, a well-thought-out security awareness training program with relevant and engaging content being consistently delivered. 

Security awareness training may seem basic, but it’s essential to maintaining your security culture. 60% of data breaches still originate from compromised credentials, typically the result of a successful phishing attack. According to KnowBe4, a leading security awareness training provider, one-third of users fail phishing tests, even when they know a phishing test is being conducted. 41% of employees failed to notice the phishing attack because they were tired. As you can see, everybody is human, but all humans can improve with sustained training and awareness programs.

Even with all of these in place, there is always a threat that one of your employees could tamper with or even delete the data that your company thrives on. 

We can hope that this never happens, but hope is never a winning strategy. A more effective strategy is to ensure that your data is consistently backed up and that the restore process is fully understood and tested regularly. Secure data backup and recovery procedures increase your organization’s cyber resilience and compliance. If disaster strikes, you need to have confidence that your data is safe and can be restored quickly so your business can move on with minimal impact to normal operations – and your customers. 



Glynn Barnard
Glynn Barnard is a seasoned information security professional who takes a pragmatic approach to cybersecurity program development and management. Adhering to industry-standard cybersecurity frameworks, Glynn has worked in various industries including biotechnology, enterprise cybersecurity, telecom and cloud backups. Glynn currently serves as the manager of Rewind’s Trust Team working to ensure all Rewind services are operating securely. In his spare time, Glynn can typically be found, camera in hand, looking for that perfect shot.