Firewalls, perimeters, and cybersecurity processes keep cyber criminals out, but what happens if the threat originates from within the organisation?

Verizon’s 2023 Data Breach Investigation Report found that one-fifth of cybersecurity incidents were caused by insider threats, resulting from both deliberate misuse and inadvertent human errors.   

Insider threats are risks posed by individuals within a business who may misuse their access to data, systems, or facilities for malicious purposes. You play a critical role in safeguarding your company’s assets and reputation because you are in a unique position to notice if there is unusual activity or access on your network. 

Defining Insider Threats

According to IBM’s Cost of a Data Breach Report 2023, data breaches initiated by malicious insiders were the most costly, averaging $4.90 million, or 9.5% higher than the $4.45 million cost of the average data breach. This is likely because insiders know exactly which data is most valuable and what to target.

Types of Insider Threats

Let’s look at the types of insider threats companies are facing: 

  • Malicious Insider: An employee or contractor who deliberately misuses their access to harm the company, such as stealing sensitive data or sabotaging systems.
  • Negligent Insider: An employee who accidentally causes harm through careless or negligent behaviour, such as falling for phishing scams or mishandling confidential information.
  • Compromised Insider: An employee whose credentials or access privileges have been compromised by external attackers, allowing them to carry out unauthorised activities within the company’s systems.
  • Third-party Insider: A contractor, vendor, partner, or service provider who interacts with the company's infrastructure.

Truth be told, no company is immune to insider threats. Organisations must take proactive measures to identify and stop them before they lead to serious cybersecurity incidents.

Real-World Examples of Insider Threats

While specific details of insider threat cyber-attacks may not always be publicly disclosed due to confidentiality and legal considerations, several instances have been reported in the media. Here are a few examples:

Goldman Sachs Insider Theft (2021): A former employee of Goldman Sachs, a global investment bank, stole proprietary source code related to the company’s high-frequency trading (HFT) platform before leaving the organisation. The insider used the stolen code to develop a competing trading platform, violating intellectual property rights and confidentiality agreements. This theft resulted in legal action and reputational damage for Goldman Sachs. 

Tesla Insider Sabotage (2018): A disgruntled employee of Tesla, a leading electric car manufacturer, conducted sabotage activities against the company’s manufacturing operations. The insider tampered with production systems, installed malware on company computers, and leaked confidential data to third parties. This sabotage disrupted Tesla’s production processes, caused delays in vehicle deliveries, and led to financial losses and legal action against the employee. 

The South African Revenue Service (SARS) experienced a data breach in 2017, where confidential taxpayer information, including tax IDs and financial data, was leaked online. While the exact cause of the breach was not disclosed, insider involvement was suspected due to the sensitive nature of the leaked information. 

Spotting Insider Threats

If you suspect a colleague may be acting suspiciously and potentially pose an insider threat, it’s crucial to approach the situation with care and consideration.  

Warning Signs to Look Out For

Here is what to look out for: 

  • Behavioural Changes: Your colleague’s behaviour may seem out of character or raise red flags, such as secretive actions, accessing unauthorised areas or information, or displaying sudden changes in attitude or work habits.
  • Access to Sensitive Data: If your colleague has access to sensitive company data or systems, their suspicious behaviour could indicate an attempt to misuse or exploit this access for personal gain or malicious purposes.
  • Personal Issues: Financial difficulties or personal problems could potentially motivate someone to engage in insider threats, such as theft of intellectual property, fraud, or sabotage, to alleviate financial strain.
  • Workplace Discontent: A colleague who feels undervalued, overlooked, or mistreated in the workplace may become disgruntled and act out in ways that compromise the company’s security or interests.
  • Coercion: A colleague may have been coerced or manipulated by external parties, such as competitors or malicious actors, to engage in insider threat activities against their will.

While these factors may raise suspicions, it is essential to approach the situation with caution and avoid jumping to conclusions.  

Preventing Insider Threats

The good news is that there are ways to prevent insider threats. Here are a few good habits to follow. 

Best Practices for Preventing Insider Threats:

  1. Avoid using public Wi-Fi: Refrain from using public Wi-Fi networks for sensitive tasks or accessing confidential information.
  2. Secure Your Devices: Lock devices when not in use and never leave them unattended in public places.
  3. Protect against Shoulder Surfing: Be mindful of shoulder surfing and ensure privacy when entering passwords or viewing sensitive information.
  4. Follow company policies: Adhere to company policies and procedures for accessing and handling sensitive information.
  5. Use strong authentication: Use strong, unique passwords and enable multi-factor authentication where available.
  6. Verify online requests: Be cautious when accessing or sharing information online and verify the authenticity of requests for sensitive data.
  7. Report suspicious behaviour: Report any suspicious behaviour, security incidents, or policy violations to your manager or the information security team.
  8. Stay informed: Keep up to date with cybersecurity best practices and emerging threats through training and awareness programs.

Conclusion

Insider threats pose significant risks to organisations, but Sasfin’s Cybersecurity Team believes that, with the right strategies and proactive measures, these threats can be mitigated. By understanding the types of insider threats, recognising the warning signs, and implementing best practices, companies can protect their valuable assets and maintain their reputation.

About the Author

Del van Rooyen
Chief Information Security Officer, Sasfin Holdings Limited
