Security professionals and managers are increasingly concerned that the leading information security risk to organizations comes from within. But despite the sinister overtones of this problem, insider threats are associated more with accidents and oversights than malicious actors.

The danger is amplified by shortfalls in training and expertise, and the challenge of protecting against threats that arise from within the basic security perimeter of the organization itself. Further complicating matters is the fact that the greatest risk comes from administrator accounts and privileged users.

A Fine Line

A crowd-based survey of 300,000 members of the LinkedIn Information Security Community, conducted by Haystax Technology, revealed growing concern about insider threats. Nearly three-quarters (74 percent) of the respondents said they felt exposed to insider threats, while 56 percent reported that insider attacks had increased in the last 12 months. Meanwhile, almost half (49 percent) were uncertain whether their own organizations had experienced such an attack.

While much of the survey explored deliberate threats and attacks, survey respondents were more concerned about accidental breaches or data leaks (71 percent) and negligent breaches (69 percent) than malicious breaches (61 percent).

The rise of social engineering threats such as phishing has surely heightened concern that insiders might be tricked into exposing data. But the line between pure mishap and negligence can be tricky to draw. Similarly, a malicious outsider might target specific data, then exploit an employee’s carelessness to gain access to it.

Targeting the Basics

For malicious insiders, the primary motive is the oldest and most familiar of all: money. CIO Insight noted that 55 percent of insider attacks sought to monetize sensitive data. Committing fraud accounted for 51 percent, with sabotage, theft of intellectual property (IP) and espionage all in the 40-percent range.

The leading specific target of insider attacks is customer data, followed by financial data and IP. Credit card account numbers are catnip for bad actors.

The leading specific point of vulnerability also has a familiar ring: Endpoints are implicated in 57 percent of attacks, far ahead of mobile devices (36 percent), networks (35 percent) and the cloud (20 percent). This may reflect the basic reality that internal endpoints are unavoidable since old-fashioned desktop endpoints still sit on practically everyone’s desk.

Identifying Insider Threats

The group most implicated is administrators and other privileged users, who were identified by 60 percent of survey respondents. These are the users in the best position to carry out a malicious breach, and whose mistakes or negligence could have the most severe effects.

They are closely followed by contractors, consultants and temporary workers (57 percent), who may be less loyal to the organization or insufficiently trained in its systems. Employees and privileged business users account for 51 and 49 percent, respectively, while executive managers trail far behind at 31 percent.

In short, insider threats take familiar forms, but the effects are amplified because they come from within and thus don’t have to kick down the door to the organization’s network. That said, survey respondents identified insufficient data protection strategies or solutions as the leading reason why insider threats are growing. The best protection against risks from within, as well as against all threats, is a strong institutional focus on security basics.

Read the white paper: Get smart to shut down insider threats

More from Identity & Access

CISA, NSA Issue New IAM Best Practice Guidelines

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today's world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented…

4 min read

The Importance of Accessible and Inclusive Cybersecurity

4 min read - As the digital world continues to dominate our personal and work lives, it’s no surprise that cybersecurity has become critical for individuals and organizations. But society is racing toward “digital by default”, which can be a hardship for individuals unable to access digital services. People depend on these digital services for essential online services, including financial, housing, welfare, healthcare and educational services. Inclusive security ensures that such services are as widely accessible as possible and provides digital protections to users…

4 min read

What’s Going On With LastPass, and is it Safe to Use?

4 min read - When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has been in the news recently for all the wrong reasons, with multiple reports of data breaches resulting from failed security measures. To make matters worse, many have viewed LastPass's response to these incidents as less than adequate. The company seemed…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

8 min read - View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

8 min read