Insider Cybersecurity Threats: A Hidden Danger
Insider threats are the hidden danger lurking within your cybersecurity ecosystem. Focusing only on the actions and motives of external threat actors is a risky game that overlooks the reality and prevalence of threats originating from within. This article explores insider threats in cybersecurity by covering the different types of threats, their motives, high-profile cases, and some advice on reducing risks.
Types of Insider Threats
Insider threats are security risks originating from within your own organization. These threats stem from current or former employees, contractors, or any other insiders. An insider is someone with legitimate, authorized access to your systems and/or intimate knowledge of your company’s processes and resources (e.g. product developers, third-party partners).
The distinction between different types of insider threats in cybersecurity is based on the element of intent.
Let’s delve into both categories:
Accidental Insider Threats:
Accidental or inadvertent insider threats come from employees or other insiders who unintentionally cause a security breach. This lack of malicious intent differentiates accidental threats from intentional ones.
Causes can include:
Lack of Awareness: The insider might not understand or be aware of your company’s security protocols and procedures, leading to accidental violations.
Mistakes: An employee might accidentally send sensitive information to the wrong email recipient or leave a system unsecured (e.g. a cloud storage bucket).
Social Engineering: Insiders can unknowingly fall prey to phishing attacks or other forms of social engineering, and inadvertently provide access to sensitive information or systems.
Misuse of Systems or Devices: Insiders sometimes accidentally expose data or systems to threats by using them in ways that aren’t secure, like using a personal device for work or accessing a secure network via an unsecured public Wi-Fi connection.
Intentional Insider Threats:
Intentional insider threats are malicious in nature, and they are often what springs to mind first when thinking of insider threats. These intentional incidents arise when an individual within an organization purposely seeks to compromise the integrity, confidentiality, or availability of information or information systems. An understanding of the psychological factors at play is important when pondering why exactly someone might intentionally harm a company they work for or have previously worked for.
The main motivations for intentional insider threat incidents include:
Disgruntled Employees: Unhappy or discontented employees might intentionally cause harm to their employer. The risk rises sharply in the case of departing employees who’ve been recently laid off (and this risk amplifies even further during periods of heavy layoffs where large swathes of employees leave a company within a short timeframe).
Economic Incentives: Insiders might be bribed or otherwise incentivized to misuse their access, such as selling sensitive information to competitors or cyber criminals. Economic incentives come into play particularly where the rewards for betrayal are substantial.
Espionage: Sometimes, an insider might be a spy or a mole for another organization or a foreign government seeking to steal sensitive or classified information.
Sabotage: Some insiders might intentionally damage systems or disrupt operations, either for ideological reasons or out of sheer malice, although this is a rarer reason for an intentional insider threat.
With both types of insider threats, the actual threat originates from within your organization, but the motives and actions differ significantly. Accidental threats often stem from ignorance or negligence, while intentional threats carry malicious intent. By understanding these distinctions, you can bolster cybersecurity measures to address specific risks.
High-Profile Insider Threat Incidents
A 2022 report on insider threats revealed 44 percent growth in both accidental and malicious insider threat incidents over the previous two years. The average cost per incident reached a dizzying $15.38 million, which demonstrates the extent of damage that insider threats can cause. It’s worth taking a look at some real-world insider threat incidents to explore how exactly insider threats happen.
U.S. Intelligence Leak, 2023
The patriotism and pride often associated with being employed by one’s own country failed to stop a severe leak of classified U.S. intelligence by an insider. Spanning four months from late 2022 to March 2023, an employee of the U.S. National Guard uploaded dozens of sensitive documents, including CIA reports, to a group on the social messaging platform Discord. The motivation in this case appears to stem partly from discontent. One group member reported that the suspect accused of leaking the intel online previously complained about government overreach.
Yahoo Stolen Trade Secrets, 2022
A research scientist at Yahoo demonstrated how insider threats can compromise the most valued trade secrets that give companies their competitive advantage. Shortly after being hired by a competitor firm (The Trade Desk), the research scientist downloaded 570,000 pages of Yahoo’s intellectual property (IP) to his personal device. The stolen trade secrets included source code, ad placement algorithms, and internal strategy documents.
Microsoft Exposed Login Credentials, 2022
Exemplifying how insider threats are sometimes down to negligence, a cybersecurity research firm spotted login credentials to internal Microsoft systems and infrastructure on the code repository site GitHub. The leaked credentials were for several Azure cloud servers, and they appeared to have been left exposed on the personal GitHub profiles of Microsoft employees.
Twitter Insider Spying, 2019
In November 2019, Twitter faced criticism and legal charges due to privacy violations. Investigations discovered that two former Twitter employees used their access to spy on users on behalf of the Saudi Arabian government, potentially endangering those users’ well-being. The employees were charged with accessing the private information of certain individuals who were critics of the Saudi Arabian government.
How DIESEC Can Help You Uncover Insider Threats
The actions required to mitigate accidental insider threats are more clear-cut than those for dealing with malicious insiders. For accidental threats, it’s critical to run effective security awareness training programs for employees. An overall company culture that prioritizes cybersecurity is also essential; without a strong security culture, employees might not take cybersecurity seriously, increasing the risk of insider threats from negligence.
Companies often only become aware of malicious insider threats when the damage is already done. DIESEC’s IT Forensics service is here to move you from reactive to proactive insider threat detection. Our team of security experts can scrupulously examine your environment and application logs to detect anomalies that indicate insider threats.
Contact us today to learn more about our IT Forensics service.