One of the reasons that insider threats are such a significant security concern is that our users have a lot of access to the resources that are connected to our networks. We often will provide people with access without considering what the least privilege might be for that particular role.
And because of that, people tend to have more access to the network than they probably should. One of the reasons for this is we tend to trust people who are working for the same organization that we are. But many places have specific policies and procedures to protect everybody from gaining access to this type of data.
For example, there may be certain policies on how documents are handled, or there may be requirements for encrypting certain information when it’s stored on a server. If an insider does cause a problem, this can be a significant security issue. It can, of course, bring down systems and make services unavailable.
There may be a loss of data, especially proprietary or confidential information. And of course, having an insider cause this problem could harm your reputation with customers and stockholders. Sometimes the people on the inside may be coerced into causing these problems.
For example, phishing scams and hacking scams can cause somebody to perform certain functions on the network thinking they’re doing the right thing, but in reality, they’re being guided by the bad guys. Or maybe someone who understands your policies and procedures, but they’re careless at how they apply them.
For example, if someone is using a laptop for personal use, some of your company’s private information could fall into the hands of someone else. And of course, sometimes an employee really is out to get you. If you have a disgruntled employee who has access to data, they may be able to cause outages, make that data available to others, and harm the reputation of the organization.
This is one of the reasons that defense in depth is so important. You need a layered approach to security not only to protect you from people who are on the outside of your organization, but to also protect you from the people that are on the inside. Some practical statistics on insider threats have been compiled by Carnegie Mellon CERT.
This is the Computer Emergency Response Team. And you can find this information at cert.org/insider_threat. They found that 20% of attacks on organizations are being caused by people who are on the inside of the organization. And 43% said that these attacks were more damaging than someone who was on the outside.
This tends to make sense, because we know that people on the inside tend to have more access than people who are on the outside. Interestingly, 76% of these insider incidents were handled without any type of legal action, and ostensibly without any type of knowledge on the outside.
This is because companies know that these types of attacks could be very harmful to their reputation, so they tend to handle things internally rather than involve third parties.