I remember many years ago, when I first began writing about security, a cybersecurity expert went off topic in a conversation we were having about cloud security to discuss what he felt was a rarely discussed issue – the insider threat. He told me that while we are so worried about people coming in from the outside, companies ignored the people who had direct authorized access to the network. I think one of the reasons this conversation stuck with me was that it made me realize that, had I wanted to, I could have been one of those bad actors. Twice when I switched to different departments in my former job, I still had access to my former department’s network. When I left the job for good in 2005, I continued to have access for another year. Others have told me similar stories.
The insider threat has always been there for any number of reasons: the focus on outside hackers, trusting employees, improper access, and not severing electronic ties with former employees immediately. However, the issue really didn’t come to the forefront of cybersecurity conversations until the Target breach. I recall that when a Verizon Data Breach Incident Report a few years ago called out insiders as a top threat to security, it was big news.
Still, IT departments have been slow to recognize the importance of the insider threat. A new study from Preempt found that 49 percent of IT professionals are more concerned about insider threats than external ones. According to the report, the issues of greatest concern include malware installed by careless employees, stolen or compromised credentials, stolen data, and abuse of admin privileges.
In addition, as eSecurity Planet pointed out:
“Separately, a Kaspersky Lab survey of more than 4,000 companies from 25 countries found that the top causes of serious data breaches were careless or uninformed employee actions (59 percent) and phishing or social engineering (56 percent).”
We know that outside hackers look to insiders to make mistakes, like downloading malware or sharing credentials, so it seems odd to me that only 49 percent of IT pros put internal threats at a higher priority than external ones. And that focus shows in how companies address cybersecurity, according to a Forbes article:
“Companies overwhelmingly continue to direct security funding to traditional network defenses that fail to prevent damage from insiders. Unfortunately, the growing impact of insider threats on private sector companies not only poses a risk to the companies’ proprietary information and data, but also has a direct impact on the national and economic security of the United States.”
How to better protect against the rising insider threat? First, I think it needs to be taken more seriously – half of IT professionals is too low. Second is improving cybersecurity awareness for all employees so they understand how they can become a threat unknowingly. Third, use solutions that can investigate threats in real time. As Ajit Sancheti, co-founder and CEO of Preempt, said in a formal statement:
“Without real-time prevention solutions and improved employee engagement, these threats will not only increase, but find more sophisticated ways to infiltrate and navigate a network. The future of security practices relies on the ability to not only understand users and anticipate attacks, but also how to mitigate threats as quickly as possible.”
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba