Risk Management
OFFICE OF PRIVACY

Managing Insider Threats

“Insider threats” remain a top concern for privacy and cybersecurity professionals in organizations around the world. The Cybersecurity and Infrastructure Security Agency defines an insider threat as any person who has or had authorized access to an organization’s data and uses their access, intentionally or unintentionally, to do harm to the organization’s mission, resources, personnel, facilities, information, equipment, networks, or systems. Current and past employees, along with third-party contractors and vendors, can be insider threats through behaviors such as unauthorized disclosure or misuse of information, corruption, sabotage, theft, and intentional or unintentional loss or degradation of organizational data, resources, or capabilities. Ponemon Institute’s “2022 Cost of Insider Threats Global Report” revealed that incidents involving insider threats have risen 44% over the past two years, with 56% of incidents caused by negligence.

Insider threats are often thought to be caused by internal “malicious actors” with intent to compromise or steal an organization’s data. However, unintentional insider threats caused by negligence or accidental actions carry equal risk and can occur even more frequently. These actions could be as simple as emailing data to the wrong person, circulating a photo with sensitive data depicted in the image, storing sensitive company data on an unsecured device, or losing or mistakenly deleting company data.

Below are some recent situations involving insider threats:

With the increasing value of data, it is imperative to recognize and act against these insider threat incidents by following your organization’s privacy policies and reporting any potential incidents. To learn more about insider threats and get tips to mitigate the danger, visit the Cybersecurity & Infrastructure Security Agency (CISA) website.
