Last month we published our 2022 Insider Risk Report and took care to explain the ‘very’ real differences between Insider Risk and Insider Threat. Why? Because 2021 was a game-changer for enterprise cyber security and the rules will never be the same again. It was the year ‘insider risk’ went from a nice to have to a ‘we better figure this out and take it seriously’ wake up call for many enterprises.
As such, it’s no surprise that in 2021 the DTEX i3 team identified a 72% year-over-year increase in actionable insider threat incidents. So we thought that it made sense to write a blog post to further articulate the difference for those new to the practice of insider risk management.
At the most basic level, anyone who handles data is an insider risk. This includes your Board and C-level executives all the way down to your newest and most junior employee. It includes your partners, attorneys, and suppliers. It’s not that these people intend to do harm. It’s because they’re humans, and humans make mistakes. They lose their phones and laptops. They send emails to the wrong recipients (that can be embarrassing). They may allow their kids to use their work computers and download games with spyware.
Sometimes it isn’t an accident, but simply an attempt to do their job more efficiently. If they are working remotely (who isn’t these days) they probably are on poorly secured networks. When attending video conferences, they may take screen shots of sensitive information to save time. They may upload sensitive data to a cloud storage service so they can access it later without going through the corporate network or print data on their home devices.
Insider threats are a subset of those who handle your data. Threats are characterized by their malicious intent. Insider threats are those employees, vendors, or partners who plan and execute actions to steal or release data or sabotage corporate systems.
Make no mistake—your internal data has value. An employee planning to jump ship and take a role with your top competitor may be tempted to take your customer list or product plans with him. Others may be approached by external actors offering to compensate them financially in exchange for their help exfiltrating data. In rare cases, insider threats can be those individuals using corporate assets to engage in criminal behaviors such as black-market e-commerce, human trafficking, or child pornography collection and storage.
Our report dives into the behavior of both insider risks and insider threats for good reason, both can result in damaging releases of data. According to a pre-pandemic Ponemon study of mid-sized companies, the root cause of most data breaches is a negligent employee or contractor.
So, you’re right to worry about malicious insiders. But you also need to keep alert for well-intentioned employees handling data in risky ways.
In our next post we’ll give you another threat to consider. What happens when that malicious insider also has the technical skills of a proficient hacker?