Virtualization Technology News and Information
Identifying Potential Insider Threats

By Stefanie Shank

By now, you're likely familiar with insider threats. You may even be among the more than 50% of organizations that have experienced an insider threat event in the past year.

Unfortunately, the rise in cybercrime is not solely the work of faceless hacking groups out to exploit network weaknesses and steal your data. Sometimes it hits a bit closer to home, with insider activity resulting in costly incidents and burdensome recovery efforts.

What is an Insider Threat?

An insider threat is an attack from within your organization or network. Employees often perpetrate these cyber incidents, but they can also be initiated by third parties, including contractors, vendors, partners, and service providers. Essentially, anyone with privileged access to an organization's network, data, or other valuable digital assets can pose a threat.

Types of Insider Threats

Insider threats are also not limited to malicious activity. The US Cybersecurity & Infrastructure Security Agency (CISA) identifies a short list of insider threat categories:

  • Unintentional Threat - this category includes any risk or threat resulting from a non-malicious activity.
    • Negligence poses a threat when end users make careless choices and a bad actor can capitalize, such as misplacing a storage device or falling behind in patches and updates to software.
    • Accidental incidents result from mistakes, including clicking on malware links or mistyping an email address when sharing privileged information.
  • Intentional Threat - also referred to as a "malicious insider," an intentional threat is an actor who knowingly harms your organization. These attacks may result from revenge or opportunities for personal gain, including stealing valuable data to sell or intellectual property for clout.
  • Third-Party Threat - contractors, vendors, service providers, and partners can also pose a threat. Anyone who is not a badged employee but has access to privileged areas of your organization, network, or data can be a third-party risk.
  • Collusive Threats - when an insider (or insiders) collaborates with external entities, this constitutes collusion. These incidents often arise by way of fraud, IP theft, or espionage.

Signs of Threats

Insider threats are often successful because they're initiated by people you know and trust. Moreover, it can be difficult to detect an insider threat as perpetrators often act in line with their role responsibilities. Each of these indicators of insider threats may be innocuous or indicative of risk at play. Understanding common signs can help you and your employees stay alert.

User Profile Change Requests

Employees need access to a variety of systems and tools depending on the nature of their role. At times, this may include viewing sensitive or privileged information that they are entrusted with to perform their duties. Hopefully, administrators in your organization have defined user access privileges according to requirements, and users have signed NDAs where appropriate.

One indication of a potential insider threat is a user requesting further access to data and otherwise protected areas. Insiders benefit from this access by harvesting data such as user or financial details to sell to others.

If users request access to data beyond their job scope, consider this a red flag. There are times when projects require cross-departmental collaboration, and users may need increased privileges. Treat these requests with discernment and revoke access when it is no longer needed. Be aware that the more people permitted to view or manipulate private data, the more insider risk you amass.

Use of Non-Standard Tools

Your organization likely has a defined suite of tools and software for performing daily functions. Administrators manage user privileges and accounts along with security and updates when required. Part of functioning as a well-oiled machine is a certain degree of control over the environment. With any luck, the prescribed tools fit the business needs of all end users.

For various reasons, end users sometimes wish to use tools outside the tech stack. Whether it's a matter of comfort, familiarity, or necessity, it's not uncommon for end users to opt (or want to opt) for another tool.

This may pose a risk if your security controls are set so end users can download and utilize unapproved tools. Unsanctioned software can increase third-party risk, particularly as it is uncontrolled and unmonitored. Acts of negligence or naivety can lead to stolen data and compromised networks.

Unusual Movement

Don't worry: there's no need to put an AirTag on your employees or track their physical movement. You should, however, track their digital movement, particularly regarding data.

Spikes in data downloads and uploads can be indicative of trouble. Similarly, if end users use cloud tools like AirDrop and Google Drive to send large data files, it's time to investigate. This may be a sign of an insider threat. Closely monitoring network activity and data movements is crucial to keeping company data safe.
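One way to surface the upload spikes described above, as an added example that is not part of the original article: it compares each user's daily upload volume with the median of that user's own prior days. The record layout, user names, destinations and thresholds are constructed assumptions, not values from any particular product.

```python
from collections import defaultdict
from statistics import median

def build_sample():
    """Constructed egress records: (day, user, destination, bytes_uploaded)."""
    days = ["2023-04-03", "2023-04-04", "2023-04-05", "2023-04-06",
            "2023-04-07", "2023-04-10", "2023-04-11"]
    alice_mb = [18, 22, 20, 25, 19, 21, 2400]    # sudden bulk upload on the last day
    bob_mb = [190, 210, 205, 200, 195, 230, 215]  # heavy but steady uploader
    events = []
    for day, a, b in zip(days, alice_mb, bob_mb):
        events.append((day, "alice", "drive.example.com", a * 1_000_000))
        events.append((day, "bob", "backup.example.net", b * 1_000_000))
    return events

def daily_totals(events):
    """Sum uploaded bytes per user per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, user, _dest, nbytes in events:
        totals[user][day] += nbytes
    return totals

def find_upload_spikes(events, k=6.0, min_history=5, min_bytes=50_000_000):
    """Flag days where a user's uploads exceed median + k * spread of their prior days."""
    alerts = []
    for user, per_day in daily_totals(events).items():
        days = sorted(per_day)  # ISO dates sort chronologically
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough baseline to judge this user yet
            base = median(history)
            mad = median(abs(v - base) for v in history)
            # Floor the spread at 10% of baseline so a flat history
            # does not alert on trivial changes.
            threshold = base + k * max(mad, 0.1 * base)
            total = per_day[day]
            if total > threshold and total >= min_bytes:
                alerts.append((user, day, total, base))
    return alerts

if __name__ == "__main__":
    for user, day, total, base in find_upload_spikes(build_sample()):
        print(f"{day} {user}: {total / 1e6:.0f} MB uploaded, baseline {base / 1e6:.1f} MB")
```

Because the baseline is per user, the steady 200 MB-a-day uploader is not flagged, while the jump from about 20 MB to 2.4 GB is.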

Employee Exits

Unfortunately, not all employees depart their roles with the best intentions. Even those who resign voluntarily and seemingly on good terms may trigger insider threat activity. Otherwise happily departing employees may take trade secrets with them in an effort to accelerate the next step in their careers. Scorned or terminated employees may leave with hostile intentions and seek to sabotage your brand. Either way, departing employees are a potential threat.

Awareness is the Best Preventative Measure

Being aware of potential insider threats is the key to mitigating risk. Consider these indications and build controls around monitoring and preventing data leaks. Create a risk-aware culture in which employees are familiar with malicious and unintentional insider threats to ensure they or their colleagues do not tip over from friendly coworkers to liabilities. Share a process for reporting incidents, whether that means a user reporting their own mistake or blowing the whistle on behavior they have observed.

Data is valuable. Keep it in the right hands.




Stefanie Shank. Having spent her career in various capacities and industries under the "high tech" umbrella, Stefanie is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is a regular writer at Bora. 

Published Monday, May 01, 2023 7:31 AM by David Marshall