What are insider threats and how can you protect against them?

The biggest risks sometimes come from inside your organisation.

Cybercrime is big business. Hackers and bad actors are always eager to find a way to gain access to information they shouldn’t, and end up putting that data onto platforms and places that enable them to make an income. Organisations and the criminals who are trying to target them are involved in a neverending cat and mouse game of trying to patch vulnerabilities before they’re found.

Defensive skills have been developed over years that are the match of the offensive attacks, but there’s one area that continues to lag behind the bad guys: people. 

Most cyberattacks and data breaches begin not with a brute force attack using carefully-considered computer code, but instead, with people doing something wrong.

Insider threats can be a costly issue for businesses. People doing something wrong within an organisation – whether accidentally or deliberately – can result in catastrophic losses. The potential losses from insider threats rose 31% between 2018 and 2020, to now cost $11.45 million.

What are insider threats?

Insider threats can take many forms. Some are casually minded workers who don’t take into consideration the potential pitfalls of mis-stepping digitally – the accidentally reckless workers. Others are employees with a grudge: feeling wronged by their bosses, they sometimes choose to try and leak information, or deliberately let bad actors in as a way of misguided revenge.

Others are inside agents: people who know full well what they’re doing, and have joined a company specifically to help prise open access to data that shouldn’t be available to criminals. Meanwhile, sometimes third party participants brought in to a company to work on a contractor basis can accidentally leak information or leave open doors to data.

The more accidental concerns around insider threats have become even more of an issue as the work from home revolution has taken over the planet. We’re no longer able to exist under the protective halo of company IT support, instead left to fend for ourselves in cyberspace.

Working from home comes with risks

When we’re in an office, we’re often encouraged to act responsibly by the sheer presence of our peers. We remember to double-check our passwords, and can ask a fellow worker to double-check the veracity of a link in an email before clicking it and falling victim to a spear phishing attack.

When we’re away from the office, that informal and formal support network disappears. In order to try and tackle the issues that can ensue, it’s important that employers try to replace some of that consideration by making their workers more aware of the potential risks they could fall foul of when they’re working at home. That of course doesn’t stop inside agents from wreaking havoc remotely. 

Likewise, another element of the work from home revolution makes it more possible for businesses to become victims of cyberattacks from insider threats. The more we work from home, the more we keep in touch via email – making it likely that reckless employees will carelessly click on links they shouldn’t.

In order to try and counter that risk, businesses can limit the amount of communication that takes place on email to the most essential. If workers are wading through endless numbers of emails, they’re less likely to spot the extraordinary or unusual messages that hide phishing campaigns. They’re also more likely to believe that any message is sent officially. Instead, trying to take communication off email and onto real-time video calls can help ensure there’s less likelihood of falling foul of bad actors. Overall, the way to tackle issues with insider threats is to communicate the risks involved, and to advise people of how to avoid them.