Tuesday, 10 August 2021

The Truth about Today’s Insider Threat

It’s important to understand what the trends are that are affecting today’s insider threats – and what can you do to mitigate them.

insider threat

Over the year and a half, cyber criminals have exploited the uncertainty and change we’ve experienced as a result of the pandemic. Nevertheless, it’s important not to let that growing and evolving cyber threat distract us from another cyber security problem: the insider threat.

Like so much of our lives, the insider threat has been affected by the COVID-19 pandemic. Changes to people’s ways of working and uncertainty about their economic wellbeing are taking their toll.

It’s important, therefore, to understand what the trends are that are affecting today’s insider threats – and what can you do to mitigate them.

#1. The scale of the problem

The Osterman Research White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime(1) white paper found that insider threats account for a quarter of the eight serious cybersecurity risks that significantly affect private and public sectors.

#2. Carelessness and negligence account for more issues than malicious actions

However, it is also important to note the findings of the Ponemon Institute(2). It found that only 24% of insider threats are malicious. The majority – 62% – are caused by users being careless or negligent.

#3. Stress – and changing habits – can exacerbate mistakes

With the health and the economic stress of the pandemic weighing on all of us, we are all more prone to making errors – whether that’s installing malware or falling prey to phishing emails.

The work from home trend has also meant that company data has frequently ended up outside corporate networks and beyond traditional levers of control. Such insecure practices – especially when data is stored on unsecured personal devices – offers a far greater attack surface to malicious actors.

With the hackers’ attention turned to less secure home computers, the tendency of users to reuse passwords creates more headaches. For example, warns Michael Walters writing in Dark Reading(3), “streaming services, which have become popular during the pandemic, are an enticing target for credential-stuffing attacks that can harvest passwords, which can then be used to access corporate systems.”

In fact, Ponemon(4) found that if an insider incident involved a negligent employee or contractor, companies spent an average of $283,281. The average cost more than doubles if the incident involved an imposter or thief who steals credentials ($648,845). These figures date back to 2018 research, so are likely to be an underestimate today.

#4. Where actions are malicious or economically driven, experts expect economic uncertainty to drive activity…

The centre for the protection of national infrastructure (CPNI)(5) warns that “a low level of line management oversight can enable an opportunistic insider to exploit their access to valuable assets because the early signs of counter-productive workplace behaviour are not spotted and acted upon. An organisation without strong leadership and communications at this time can quickly find staff are demoralised, disgruntled and more easily coerced into an insider act. This especially true where large numbers of the workforce are exiting the organisation or being ‘furloughed’.”

#5. …and cyber security professionals are not immune

One of the most concerning findings of the Osterman Research paper is the role of security professionals in internal cyber threats. In the UK, one in 13 security professionals are perceived by their security-professional peers to be grey hats (dabbling in cybercrime).

Osterman Research says, “Underscoring the depth of the grey hat problem is the fact that 12 percent of security professionals admit to considering participation in black hat activity, 22 percent have actually been approached about doing so, and 41 percent either know or have known someone who has participated in this activity. This is by no means a rare or isolated problem!”

Furthermore, it goes on to say, “mid-sized organisations (500 to 999 employees) are getting squeezed the hardest, and this is where the skills shortage, and the allure of becoming a grey hat, may be the greatest”.

What can you do to protect your organisation against today’s insider threats?

As we’ve so many times in the realm of cyber security, people are your first – and, perhaps even, the best – line of defence.

Educate users about:

• The traditional cyber threats – while it might be tempting to cut training budgets during the pandemic, it’s important not to. Cyber security awareness training can be delivered online, so it can continue even when staff are working from home.

• Not to reuse passwords – especially between home and work accounts. Training can help staff to brush up on good password security practice, if needs be.

• The need to report anything of concern – especially if they have been approached as part of an insider scam. Creating an open, incident-reporting culture is the best way to encourage the reporting of issues and suspicions.

The processes that you put in place behind the scenes are also important. Key issues in today’s remote working and hybrid worlds include:

• Use the automated tools available to you to secure and monitor all your devices – whether traditional IT, IoT, mobile devices or anything else.

• Understand the different types of insiders that can pose a threat and implement policies and practices to mitigate the threat – whether malicious, professional, violent, accidental or negligent. The CPNI framework(6) can help here.

• Build HR practices and internal communication that ensure that people are ready for changes and don’t become demoralised or disgruntled and, as a result, more easily coerced into an insider act. Provide staff with legitimate avenues to express dissatisfaction instead.

• Work with staff to create a strong security culture. As the CPNI notes, this “will provide a deterrence to insider activity by ensuring the workforce have a good level of security awareness, so are less likely to become unwitting insiders, and understand how to report concerns where they notice workplace behaviour of concern.”


Got concerns? Need help?

Our team is on hand to answer any questions you might have about cyber security, insider threats and the changing nature of the cyber threat.

Please reach out to us if you have any questions or concerns.

Book a 15-minute chat  >>>


1. https://blog.malwarebytes.com/security-world/2018/08/white-hat-black-hat-emergence-gray-hat-true-costs-cybercrime/

2. https://www.ponemon.org/

3. https://www.darkreading.com/attacks-breaches/understanding-and-mitigating-insider-threats-in-today-s-remote-work-world

4. https://www.ponemon.org/research/ponemon-library/security/data-breaches-caused-by-insiders-increase-in-frequency-and-cost.html

5. https://www.cpni.gov.uk/resources/insider-threat-pandemic#:~:text=CPNI%20research%20shows%20that%20there,protective%20security%20and%20management%20processes.&text=This%20especially%20true%20where%20large,organisation%20or%20being%20'furloughed'.

6. https://www.cpni.gov.uk/insider-risks/insider-risk-mitigation-framework