Know how to prevent insider threat by knowing what to look for
Insider threats are a major danger to organizations. In the last two years, the cost of an insider threat incident has risen 44% to $15.38 million per incident on average, according to the 2022 Ponemon Cost of Insider Threats Global Reports. An insider threat can compromise your company’s security, leak proprietary information or sabotage technology from within. Potential threats may exhibit red flags before they act against the organization. They may have a variety of motivations, from having been flipped by an outside source to being a disgruntled employee.
Flipped Insiders
In some cases, good employees can be turned against the company by outside sources. Adversaries may simply offer an employee cash in return for company information. This is part of why financial troubles can be a big indicator for potential insider threats, especially if employees get a sudden influx of wealth or start buying flashy things they typically couldn’t afford. However, adversaries may also work in more subtle ways, getting close to a targeted employee and leveraging a relationship with them to get them to turn against the company.
This can be through a process known as bumping. In this, an adversary will research a target who works at the organization they want to sabotage or steal from. They will look at the target’s social media for clues about the target’s hobbies and places the target frequents. Maybe that person goes to trivia at the same place every week and posts about it. The adversary will use that information to “bump” into their target and start building a relationship based on what they gathered in their research.
Another form of this is the honeypot method. Here, an attractive person attempts to seduce the target in order to get close to them. In these methods, as the friendship or relationship develops, they may begin to push for more information about the target’s work, getting them to inadvertently reveal something they shouldn’t, or work to flip the target and get them to turn against their organization. They may also find blackmail material to force the target to give over information or act against the company.
The best way to combat these types of insiders is education. Make sure your employees know to be on guard and protect the information they’ve been entrusted with, even with people they have a personal relationship with.
Espionage
Sometimes, someone is an insider threat from the moment they are hired. They may try to get a job at the organization while working as a spy for another, stealing whatever information they can to send back. Any cleared employees will go through an extensive background check that should weed out people with falsified background, but they could also enter the company as an uncleared employee. This is why it’s crucial that cleared employees know to watch for people who are trying to access information they shouldn’t or asking too many questions about work outside their scope.
Insiders with a Grudge
Some employees may turn against the company because of perceived mistreatment. This is why an employee being combative with coworkers or refusing to follow company procedures can be a red flag. Some may also try to steal company information for their own gain. They may sell the information or use it to start their own company.
Your company culture is a central part of combatting this type of insider threat. By building a relationship with employees, you can be more aware of when their behavior changes. It also creates an environment where personnel feel safer coming forward and reporting things to the security team.
Negligent Insiders
This is a common type of insider threat. While there isn’t malicious intent with a negligent insider, they are nonetheless dangerous. This could be someone who forgets to follow security procedures or responds to phishing scams. While everyone makes mistakes from time to time, someone who consistently fails to follow security procedures is a danger to company security, even if they’re well meaning.
Again, the trust you build between personnel and the security team plays an important role in preventing this type of insider threat and minimizing damage. If someone doesn’t come forward when they unintentionally break security protocols, the problem can fester and become significantly worse. Especially for first offenses, meet these mistakes with compassion. Explain to the person why the mistake they made can lead to larger problems and give them a “why” to care about. Meet any lack of knowledge with further training.
Your best weapon in the fight against insider threats is your employees and their knowledge. Your security team can’t be everywhere, but great training can mean your employees are alert and ready to be your eyes and ears in protecting company data.
With Adamo’s FSO support services, you don’t have to go about it alone. Whether you need someone to run engaging and insightful trainings for you, or just free you up from the more tedious parts of your job so you can focus on training yourself, we are here to meet you where you’re at.
