
Guarding Against Insider Threats

By PJ Bradley

by Mic Johnson

If you have a business to protect, it can be difficult to keep track of all the different kinds of threats that pose a risk, much less understand them and defend against them. While most people know that external threats such as hacking and phishing are a major concern, not everybody is informed on the dangers of insider threats. Unfortunately, individuals with inside access to your organization can be just as harmful as bad actors on the outside. It can be more difficult to protect against insider threats than external attacks, but it doesn’t have to be overly complicated.

About Insider Threats

An insider is defined as “anyone who has access to an organization’s sensitive information or systems,” including current and former employees, executives, board members, contractors, partners, and facility staff, such as custodial and repair workers. Each of these people has authorized access, either physical or digital or both, to an organization’s resources and assets that allow them to cause harm, whether maliciously or unintentionally. Because some level of access is necessary for any insider to adequately perform their intended function, it can be tricky to mitigate the risks without hindering important business operations.

There are a number of different ways that an insider can cause damage to an organization. The Ponemon Institute, in the Cost of Insider Threats report, breaks the danger down into three categories: negligent insiders, malicious insiders, and credential thieves. A negligent insider is one who, through carelessness or ignorance of cybersecurity practices, causes harm to the organization without intending to. On the other hand, a malicious insider sets out to damage the organization by abusing their authorized access. A credential thief is an outsider who uses nefarious means to gain access to sensitive areas of the business.

Insiders have the potential to cause serious damage from within an organization, as they necessarily have access to assets and areas that outsiders are barred from. Employee or contractor negligence, according to the Ponemon report, is the least costly type at around 485,000 USD per incident, but it occurs much more frequently than other types and thus makes up more than its fair share of average annual costs. Credential theft, as the least common type of insider threat but the most expensive one per incident, contributes more than 4.5 million USD to the annual total of around 15.3 million.

Protecting Against Insider Threats

Due to the unique nature of insider threats, there are unique challenges to protecting your business against them. Insider threats often bypass traditional threat prevention and blend in with normal user behavior; the activity involved can be as simple as an employee sending an email or accessing a file. The complex flow of data can also obscure insider risks: once data is downloaded, the company doesn’t have control over where it ends up or how. Sometimes, the system itself does some of the work, encrypting or compressing data for security reasons while inadvertently making it harder to detect sensitive data leaving the network.

Defending your business against insider threats means mitigating the risks associated with each type of insider. Because unintentional threats due to employee negligence are the most common, it is crucial that all insiders are trained in cybersecurity policies and best practices, which will protect against phishing and credential theft to an extent. It is also important to utilize the principle of least privilege, ensuring that each insider is only allowed access to the assets, resources, and network areas necessary for their function in the company. This means that both negligent and malicious insiders will have less data at their disposal to potentially end up being leaked or stolen.

There can be more complications when preventing malicious insiders from harming an organization, but there are tools available for mitigation. It is far more costly to wait for an insider threat to happen and incur the setbacks of remediating it than to prevent it from happening in the first place. Establishing a baseline for normal user behavior will allow a security team, along with whatever tools your organization deploys, to detect when user activity deviates and becomes suspicious. Understanding the varying motivations behind insider threats can also go a long way, providing the necessary context to address insider risks at their root causes. It is also important to have a plan in place for damage control and remediation in the case of an insider threat.
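As an added illustration of the baseline idea above (not from the original article or any product), the sketch below scores each user's daily download volume against that user's own history using the median and median absolute deviation. The event records, their field layout, and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (user, ISO date, MB downloaded from file shares).
EVENTS = [
    ("alice", "2024-03-04", 120), ("bob", "2024-03-04", 2100),
    ("alice", "2024-03-05", 95), ("bob", "2024-03-05", 2500),
    ("alice", "2024-03-06", 130), ("bob", "2024-03-06", 1900),
    ("alice", "2024-03-07", 110), ("bob", "2024-03-07", 2300),
    ("alice", "2024-03-08", 105), ("bob", "2024-03-08", 2200),
    ("alice", "2024-03-11", 125), ("bob", "2024-03-11", 2400),
    ("alice", "2024-03-12", 2400), ("bob", "2024-03-12", 2450),
]

def robust_score(value, history):
    """How far value sits above the median of history, in scaled-MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the scale so a perfectly flat history does not turn a tiny
    # change into an alert (the 5% and 1 MB floors are assumed values).
    scale = max(1.4826 * mad, 0.05 * med, 1.0)
    return (value - med) / scale

def flag_deviations(events, min_history=5, threshold=6.0):
    """Return (user, day, mb, score) for days far above the user's own baseline."""
    per_user = defaultdict(list)
    for user, day, mb in sorted(events, key=lambda e: e[1]):
        per_user[user].append((day, mb))
    alerts = []
    for user, days in per_user.items():
        for i, (day, mb) in enumerate(days):
            history = [v for _, v in days[:i]]
            if len(history) < min_history:
                continue  # too little data to call anything "normal" yet
            score = robust_score(mb, history)
            if score > threshold:
                alerts.append((user, day, mb, round(score, 1)))
    return alerts

if __name__ == "__main__":
    for alert in flag_deviations(EVENTS):
        print("review:", alert)
```

In this sample, 2,400 MB in a day is routine for bob and far outside the baseline for alice, which a single organization-wide threshold would not distinguish.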


It is vital for all organizations to be aware of the potential dangers of insider threats. Regardless of the industry, job level, or specific position, all insiders are capable of posing a risk to a business, including employee and customer data. The first step to stopping insider threats is understanding what they are, where they come from, and why they are so uniquely challenging to protect against. With sufficient cybersecurity training and policies, protective measures, and remediation tools, any organization can greatly decrease the risk of insider threats and mitigate the total damage should an incident occur.

PJ Bradley is a writer on a wide variety of topics, passionate about learning and helping people above all else. Holding a bachelor’s degree from Oakland University, PJ enjoys using a lifelong desire to understand how things work to write about subjects that inspire interest. Most of PJ’s free time is spent reading and writing. PJ is also a regular writer at Bora.
