Sage Advice - Cybersecurity Blog

Cybersecurity and the Insider Threat

Ever since Edward Snowden walked out of the National Security Agency (NSA) with a treasure trove of classified information, the threat posed to corporate data from an inside attack has been widely accepted. Today, study after study shows that insiders pose a significant cybersecurity threat, reporting statistics like:

To effectively protect against insider threats, organizations must first understand what the insider threat is. Let’s take a closer look.  

What is Insider Threat?

Basically anything inside your perimeter can be considered an insider threat. This includes:

  • Intentional abuse of access;
  • Misuse of privilege; and
  • Inadvertent compromise.

The insider threat is one of the most unsavory of threats because in many cases it involves the people we work with. It can be a breach of a trust relationship, which is hard to deal with.

Who is the Insider?

Insider does not necessarily mean employee. It’s anyone who has access to your internal network, including service providers and contractors. Snowden was a contractor. The HVAC vendor responsible for facilitating the Target breach by clicking on a link in a phishing email was considered an insider.

The most dangerous insiders are those who administer and manage infrastructure. According to Vormetric’s Insider Threat Report, 55% of respondents said privileged users posed the biggest internal threat to corporate data, followed by contractors and service providers (46%), and then business partners with internal access (43%).

Inadvertent vs. Malicious Threats

There are two types of insider threats. The first is the unwitting insider threat, or inadvertent actor. They are typically unaware and fall victim to common social engineering tactics, such as phishing, vendor spoofing, or pretexting. People are typically the weakest link in security because human nature makes us vulnerable.

The second type is the active insider threat, which is malicious in nature and is typically perpetrated by disgruntled, troubled, or just greedy insiders. Hackers are actively advertising for help from specific companies’ employees to join the dark side. Desperate people can do desperate things. Good people can do bad things. In fact, this survey showed that 20% of employees would sell their corporate credentials, 44% of whom would be willing to do it for less than $1,000, and some for as little as $100.

Why is it important to consider Insider Threats?

Remember that hackers are opportunistic. The path of least resistance is their preferred path. Why brute force a firewall when people (or their stolen credentials) can circumvent technical controls? Today’s hackers just need to be good social engineers. They can buy (or rent) the tools needed to do the hacking. 

In their 2015 study, IBM found that 60% of cyber-attacks came from insiders. In 2016, they decided to further refine that data by industry to see how they compared (see table below).  

The data showed a definite difference by industry sector. The financial services and healthcare sectors had a higher rate of attacks being perpetrated by an insider when compared to the other sectors. According to the report, “the fact that the insider attacks targeting the financial services and healthcare were largely the result of inadvertent actors may be due to these industries having a greater susceptibility to phishing attacks.” Focusing on cybersecurity awareness for employees and building a cybersecurity culture could go a long way in reducing these numbers.

Regardless of industry though, it’s important to be aware of insider threats, so that you can protect your organization against them. Check back in future posts to learn characteristics and indicators of insider threats, as well as strategies to deter, prevent, and detect them.

Have you assessed your vendors’ cybersecurity risk? Some of the most publicized data breaches over the past few years have occurred via third parties. Setting up and maintaining an effective cybersecurity review program is essential to protect against this type of insider threat. Tyler can assist with the implementation of a program that makes sense for your organization’s business needs and is tailored to the unique conditions that are the byproduct of every third-party business relationship.
