Security professionals and managers are increasingly concerned that the leading information security risk to organizations comes from within. But despite the sinister overtones of this problem, insider threats are associated more with accidents and oversights than malicious actors.

The danger is amplified by shortfalls in training and expertise, and the challenge of protecting against threats that arise from within the basic security perimeter of the organization itself. Further complicating matters is the fact that the greatest risk comes from administrator accounts and privileged users.

A Fine Line

A crowd-based survey of 300,000 members of the LinkedIn Information Security Community, conducted by Haystax Technology, revealed growing concern about insider threats. Nearly three-quarters (74 percent) of the respondents said they felt exposed to insider threats, while 56 percent reported that insider attacks had increased in the last 12 months. Meanwhile, almost half (49 percent) were uncertain whether their own organizations had experienced such an attack.

While much of the survey explored deliberate threats and attacks, survey respondents were more concerned about accidental breaches or data leaks (71 percent) and negligent breaches (69 percent) than malicious breaches (61 percent).

The rise of social engineering threats such as phishing has surely heightened concern that insiders might be tricked into exposing data. But the line between pure mishap and negligence can be tricky to draw. Similarly, a malicious outsider might target specific data, then exploit an employee’s carelessness to gain access to it.

Targeting the Basics

For malicious insiders, the primary motive is the oldest and most familiar of all: money. CIO Insight noted that 55 percent of insider attacks sought to monetize sensitive data. Committing fraud accounted for 51 percent, with sabotage, theft of intellectual property (IP) and espionage all in the 40-percent range.

The leading specific target of insider attacks is customer data, followed by financial data and IP. Credit card account numbers are catnip for bad actors.

The leading specific point of vulnerability also has a familiar ring: Endpoints are implicated in 57 percent of attacks, far ahead of mobile devices (36 percent), networks (35 percent) and the cloud (20 percent). This may reflect the basic reality that internal endpoints are unavoidable since old-fashioned desktop endpoints still sit on practically everyone’s desk.

Identifying Insider Threats

The group most implicated is administrators and other privileged users, who were identified by 60 percent of survey respondents. These are the users in the best position to carry out a malicious breach, and whose mistakes or negligence could have the most severe effects.

They are closely followed by contractors, consultants and temporary workers (57 percent), who may be less loyal to the organization or insufficiently trained in its systems. Employees and privileged business users account for 51 and 49 percent, respectively, while executive managers trail far behind at 31 percent.

In short, insider threats take familiar forms, but the effects are amplified because they come from within and thus don’t have to kick down the door to the organization’s network. That said, survey respondents identified insufficient data protection strategies or solutions as the leading reason why insider threats are growing. The best protection against risks from within, as well as against all threats, is a strong institutional focus on security basics.

Read the white paper: Get smart to shut down insider threats

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today