While many companies focus on external threats when it comes to their cybersecurity, internal threats can be just as dangerous to organizations. From careless employees to malicious attackers, insider threats are on the rise, costing companies millions of dollars and the loss of their reputations. With sensitive data, intellectual property, and more on the line – it's never been more important to understand insider threats and how to prevent them. At MindPoint Group, we have worked with government agencies, partners and private sector companies to limit their exposure to insider threats through training, planning, process creation and third party risk management.
What is an insider threat?
Defining an insider threat requires us to understand what we mean by “insider.” According to the Cybersecurity & Infrastructure Security Agency (CISA), an insider is “any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.” Consider the number of people who have regular access to your organization’s systems, including not only employees, but third-party vendors, contractors, even repair personnel.
Suddenly your list of potential weak points got a lot longer, didn’t it? Expanding on the above definition, an insider threat is the “potential for an insider to use their authorized access or understanding of an organization to harm that organization.” There are many, many opportunities for users to misuse their access to the detriment of the organization and its network.
Does intent matter for insider threat?
These threats can be intentional or unintentional, and it’s important to understand how both can leave your network vulnerable. While a malicious insider may run a coordinated effort to steal confidential data, a well-meaning employee may accidentally click on a phishing link that releases destructive ransomware into your network. Both are considered to be insider threats. Regardless of intent, the end result is a compromised system, which is quite a mess to clean up.
How often, how bad are insider threats to organizations?
In 2021, over a twelve-month period, the Ponemon Institute surveyed a total of 278 benchmarked organizations. Each organization suffered insider threat incidents over the year, ranging from a minimum of 1 to a maximum of 46. Here are the 2022 findings:
- Total number of Insider Threat incidents = 6803
- Total average annualized cost of Insider Threat = $15.4M
- Average cost to contain an Insider Threat incident = $184,548
- Average time to contain an Insider Threat incident = 85 days (up from 77 days in 2020)
- Organizations with more than 21 Insider Threat incidents/year = 67% (up from 60% in 2020)
- Types of Insider Threat incidents:
- Employee/Contractor Negligence – 56%; average annualized cost = $6.6M
- Criminal & Malicious Insider – 26%; average annualized cost = $4.1M
- Credential Theft – 18%; average annualized cost = $4.6M
An Insider Threat solutions provider recently surveyed their clients and found the following:
- 72% increase in actionable Insider Threat incidents from 2020-2022
- Work from Home increased risk – 75% of Insider Threat investigations that led to criminal prosecutions arose from incidents occurring at the individual’s home
How often and how bad? All the time and very bad.
How can a customized approach give you an edge in tackling insider threats?
Because each organization is different, your gaps – and the best way to tackle them—will look different as well. That’s why it’s important to work with cross-disciplinary cybersecurity experts to craft a unique, predictive plan that will best protect your data. If you’re looking to contract with the federal government, protecting yourself from insider threats will likely be a part of the assessment process. You might need a team of penetration testers to pressure test your network in real time, or a team of automation experts to build a system that increases consistency and decreases human error. Perhaps your organization would benefit from the support of a Managed SOC system, protecting your network around the clock. It’s crucial to find a cybersecurity partner and provide them with a deep understanding of your organization and its needs. Only then can they counsel you on your best options.
How can MindPoint Group help you limit insider threat incidences?
Many companies partner with MindPoint Group to manage their risk with innovative services and products. MindPoint Group considers insider threats holistically, whether you’re interested in support services with our penetration testers, GRC assessors, Zero Trust advisors, third-party risk managers, or other cybersecurity experts. By taking the time to understand your organization, its cybersecurity needs, and its cyberthreat exposure, the experts and MindPoint Group will help you strategize and execute a custom plan to help your organization limit its exposure to insider threats, and much more.