How to Combat the ‘Insider Threat’

Many businesses consider cyber threats as external forces, attempting to penetrate their defences from the outside in. In truth, however, threats often originate from within.

The insider threat refers to data being compromised from within an organisation – whether knowingly or unknowingly – by employees.

This article will look at the different types of insider threat and what businesses can do to protect themselves.

In order to combat the insider threat, organisations must first gain an understanding of what these threats are and how they manifest themselves within the workplace.

Broadly speaking, there are three distinct types of insider threats: accidental, negligent and malicious.


The ‘accidental’ threat

When employees lack an understanding of cybersecurity issues and best practice for combatting threats, they can unknowingly behave in ways that compromise the organisation’s security. This type of threat is deemed ‘accidental’ because it arises simply due to lack of knowledge, rather than malicious intent or a conscious disregard for company policy.

For example, an accidental threat might arise because an employee, having had no cybersecurity training, opens a phishing email or clicks on a malicious link. The Verizon 2016 Data Breach Incident Report indicated that accidents contributed to nearly a third of security incidents in the previous year.

Cybercriminals are ready and waiting to exploit security holes within organisations. The accidental threat need not account for so many security breaches. The antidote is simple: provide regular, up-to-date cybersecurity training to every single employee. We can help you do this.


The ‘negligent’ threat

When an employee deliberately acts against the policies that their employer has put in place to protect the company networks, but for reasons that are not malicious in nature, the negligent threat arises.

Usually, the motives for negligent behaviours come from a desire to seek shortcuts or better accommodate preferred working methods of the individual or team.

For example, an organisation may have strict file sharing policies in place to protect company data, but these are not adhered to by some employees who, instead, decide to share work on public cloud applications to make it easier for them to continue their work when they’re away from the office. Despite there being no malicious intent in such acts, they inevitably create unintended security vulnerabilities.

When the negligent threat is present within an organisation, it can be a sign that the security policies and training strategies are not serving their purpose effectively and, therefore, need to be reviewed.

Simply implementing some form of security training and policy is often not enough. Information not only needs to be given, but also understood and taken fully on board.

Sometimes, the issue is that a company’s security policy is not accessible enough. Other times, it can be too invasive or restrictive for employees.

Whatever the problem, the key is to engage with employees to find out what the issues are and involve them in the process of creating and reviewing policies. When people feel involved in the process, they are more likely to take ownership and act responsibly.


The ‘malicious’ threat

Malicious threats arise when an individual within an organisation deliberately compromises security, with intent to cause harm to the systems, reputation or finances of the company. The motivation behind such acts is very often financial gain, but can sometimes also be revenge or espionage.

For example, an individual within an organisation may be approached, and enticed by financial reward, to assist hackers from the inside. Or, perhaps, an individual with malicious intent may seek employment with a specific organisation.

Sometimes, malicious threats arise from disgruntled employees who decide to compromise the data of their employer upon leaving the company, perhaps viewing it as an act of revenge for perceived mistreatment.

The potential for this type of threat is often overlooked by businesses, which tend to prefer viewing malicious intent as an external threat. However, the malicious insider is a growing threat and, as such, organisations would be unwise not to account and prepare for it in their cybersecurity strategies.


How to combat the insider threat

The human element is central to the insider threat. Keeping this in mind, organisations need to develop an insider threat strategy which places a strong emphasis on educating employees on best practices to mitigate risks. The development of a robust risk management plan is crucial, and its primary focus should be on mission-critical data.

Technology usage policies should be created and made accessible for all employees. These policies should clearly state how technology – such as file sharing systems and mobile devices – should be used within the company.

One fairly simple, yet effective, way of mitigating risk is by limiting user access according to assigned roles within the organisation. Access to sensitive data and systems should be permitted only for the minimum number of individuals for whom it is essential to carry out their job roles within the company. This also makes things easier when it comes to monitoring for suspicious activity.

Once robust insider threat strategies have been implemented, regular auditing and continual monitoring are essential. The security needs of an organisation will change over time and new threats will emerge, so it’s important to ensure security strategies are regularly reviewed and revised if necessary.

Technology provides useful tools for monitoring and combatting insider threats. For example, the deployment of database activity monitoring solutions can assist organisations in keeping track of changes or suspicious activity that may point towards a potential security breach.

Technologies are also available for monitoring network traffic for suspicious activities and flagging potential insider threats, such as a rapid surge in connections to file sharing sites.
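The surge check described above can be sketched as follows. This is an added example, not code from the original article or from any monitoring product; the log format, the domain watch list and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed watch list; in practice this comes from a maintained URL category feed.
FILE_SHARING = {"dropbox.com", "wetransfer.com", "drive.google.com"}

def build_sample_log():
    """Constructed proxy log lines: 'ISO-timestamp user destination-host'."""
    per_hour = {"alice": [2, 2, 3, 2], "bob": [1, 1, 1, 40]}  # requests per hour from 09:00
    lines = ["2024-03-04T12:05:00 bob intranet.example.local"]
    for user, counts in per_hour.items():
        for hour, n in enumerate(counts, start=9):
            lines += [f"2024-03-04T{hour:02d}:{i:02d}:00 {user} www.wetransfer.com"
                      for i in range(n)]
    return lines

def is_file_sharing(host):
    return any(host == d or host.endswith("." + d) for d in FILE_SHARING)

def hourly_counts(lines):
    """user -> hour bucket -> number of requests to file-sharing hosts."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, user, host = line.split()
        if is_file_sharing(host.lower()):
            bucket = datetime.fromisoformat(ts).replace(minute=0, second=0)
            counts[user][bucket] += 1
    return counts

def find_surges(lines, factor=5, min_count=20):
    """Flag hours where a user's count is far above their own earlier median."""
    alerts = []
    for user, by_hour in hourly_counts(lines).items():
        hours = sorted(by_hour)
        for idx, hour in enumerate(hours):
            history = [by_hour[h] for h in hours[:idx]]
            baseline = median(history) if history else 0
            current = by_hour[hour]
            # min_count suppresses noise from users with tiny baselines.
            if current >= min_count and current > factor * max(baseline, 1):
                alerts.append((user, hour.isoformat(), current))
    return alerts

if __name__ == "__main__":
    for alert in find_surges(build_sample_log()):
        print(alert)
```

Comparing each user against their own history, rather than a company-wide threshold, keeps staff who legitimately use file sharing every day from drowning out the one account whose behaviour has changed.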

Data loss prevention software is useful in the implementation of data handling policies and also ensures that data is being handled securely by employees at the endpoint. These types of solutions can also automate data loss prevention processes, for example by monitoring outbound emails and automatically blocking those that may contain sensitive data.
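A minimal version of the outbound email check described above, as an added example rather than code from the original article or any DLP product. The company domain, the classification markers and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.co.uk"            # hypothetical company mail domain
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")  # assumed classification labels
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def inspect_outbound(raw_message):
    """Return (decision, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    external = any(not a.endswith("@" + INTERNAL_DOMAIN) for a in recipients)
    text = msg.get("Subject", "") + "\n"
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text += part.get_payload(decode=True).decode("utf-8", "replace")
    findings = [f"marker:{m}" for m in MARKERS if m in text.upper()]
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            findings.append(f"card:****{digits[-4:]}")  # never log the full number
    # Sensitive content is only blocked when it is leaving the organisation.
    decision = "block" if external and findings else "allow"
    return decision, findings

# Constructed sample messages (addresses and content are made up).
LEAK = ("From: sam@example.co.uk\nTo: friend@mail.example.net\n"
        "Subject: customer details\n\nCard on file: 4111 1111 1111 1111\n")
ORDER = ("From: sam@example.co.uk\nTo: supplier@mail.example.net\n"
         "Subject: order\n\nOrder ref 1234 5678 9012 3456\n")
INTERNAL = ("From: sam@example.co.uk\nTo: finance@example.co.uk\n"
            "Subject: CONFIDENTIAL budget\n\nDraft attached.\n")

if __name__ == "__main__":
    for raw in (LEAK, ORDER, INTERNAL):
        print(inspect_outbound(raw))
```

The checksum step matters in practice: without it, every 16-digit order reference sent to a supplier would be blocked, and employees would start looking for ways around the control.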


The insider threat is a serious and unavoidable reality in business today. It is, therefore, crucial that businesses assess the specific risks within their organisation and develop robust strategies to combat the threat. Key to this process is, first, understanding where sensitive data resides and, subsequently, assessing the risks, restricting and monitoring daily employee activity whilst also investing in ongoing cybersecurity training and testing.


Are you looking for help or advice to improve your IT security policies, practices or technologies? Get in touch today to discuss the kind of help you need… 0131 603 7910.

