Security teams have traditionally focused on external threats, which can make it easier for insider threats to go unnoticed. This can be particularly true for over-extended security teams or those working with fewer resources. The concern for both CISOs and business leadership is that data exfiltration or insider theft incidents have risen rapidly, and these insiders are committing more sophisticated and blatant data theft.
Threats coming from within the organization add layers of complexity, because these are individuals and parties who have been vetted and trusted. Although non-malicious insider data exfiltration may occur unintentionally with few or no indicators, malicious data theft often leaves indications that something is going on.
This piece details new driving factors behind serious insider data theft and provides best practices to help recognize behaviors and detect patterns in an effort to mitigate risk from insider threats.
An insider is an individual who belongs to your organization with legitimate access to confidential and secured data, including parties with high-level credentials to data and technology. Insider theft can originate from individuals within sales, finance,
customer service, IT, R&D, third parties or leadership—anyone who holds knowledge or can influence company decisions.
While many insider threat actors have nefarious intentions and agendas, that’s not always the case. Individuals can fall victim to phishing and other threats, putting the organization at risk. Either way, a data exfiltration breach can result in serious damage, theft, fraud, financial harm or even risks to the physical safety of the organization’s members.
The events of the past three years have significantly changed the landscape of how organizations operate. For instance, 1 in 4 employees are working remotely or in a hybrid model. Additionally, many more are resigning to take jobs with higher pay or more
flexible benefits. Both of these developments in the labor market have made insider data theft easier to commit.
These factors, coupled with incentives like advanced information access methods and high-stakes data, make insider data theft more lucrative. It often takes the form of strict monetary gain or of securing a competitive advantage over a particular firm (or putting another firm at a disadvantage), committed by either a current employee or a disgruntled ex-employee.
At the outset of the pandemic, many IT teams pivoted rapidly to work-from-home structures to maintain productivity. As a result, employee/insider security protocols seriously lapsed. Statistics suggest roughly 60% of employees don’t follow protocols when working at home, versus working in the office. Compounding this issue, remote employees can become lax, making BYOD a higher risk and a direct target for threat actors.
A tumultuous job market where firms continue to see an unusual level of turnover also contributes to the prevailing insider threat problem.
With employees leaving in higher numbers, statistics suggest there is a 1 in 3 chance departing employees will take intellectual property with them. These somewhat removed or short-term employment stints can leave employees feeling disconnected, with
blurred lines of data or intellectual property ownership. With no investment in their jobs, many resigning insiders feel they have nothing to lose by exploiting their former employer’s data. Plus, insiders are increasingly taking these valuable
assets with them to competitors, or worse, selling them to threat actors for profit.
Insider data theft and exfiltration incidents fall into two categories: non-malicious and malicious. However, each type poses significant risks to the organization.
Although most employees are not malicious, unintentional employee actions can have a huge impact on an organization’s security. Errors like mishandling data or opening a phishing email can produce many types of cyberattacks, including ransomware, business email compromise and other data breaches, and fall into these categories.
Malicious data exfiltration has become more common in recent years. Malicious insiders are not always easy to spot within an organization and can do far more damage, which is difficult to mitigate quickly. Insiders can sell sensitive data, assist hackers with ransomware attacks or perform industrial espionage—all for profit. Malicious insider data theft falls into the following groups:
With the focus on detecting external threats, organizations may not have adequate safeguards or detection mechanisms in place. This allows insiders to circumvent safeguards designed for outsiders and slip in and out without notice. Common malicious insider data theft techniques include:
To mitigate threats and take immediate action, look for the following behaviors and patterns to determine if you’re facing a serious insider threat.
Depending on their motive, level of technical skills, knowledge of the company’s cybersecurity system and privilege levels, insiders can use their abilities to cause substantial harm. Use these best practices to help prevent data exfiltration.
To prevent insider attacks, it’s important to look at methods to mitigate the risks associated with insider threats.
Insider threats are an unfortunate reality all organizations face. Understanding the behavior, motivations and indicators of insider threats will help your teams come up with protocols and preventative tools to eliminate insider threats.
Knowing your people, identifying your organization’s assets, prioritizing risks and using proven methods to detect threats can help significantly reduce data exfiltration events from occurring.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.