Why So Many Organizations Underestimate Insider Threats

Author: Anna Johannson
Date Published: 15 July 2024

Business owners are taking cybersecurity more seriously, but in many cases, their attention is at least partially misallocated. Notably, many organizations fear and plan for external attacks, but insider threats are more common and potentially more devastating.

Why do so many organizations underestimate insider threats?

And what can you do to protect against them?

Why So Many Organizations Underestimate Insider Threats

These are just some of the reasons why so many organizations underestimate the prevalence and potential impact of insider threats:

  • The known vs. the unknown. It's human nature to distrust unknown factors more than known factors. It's the reason why we are afraid of the dark. It's also the reason why we tend to be more afraid of strangers than people close to us, even though, statistically, it's the people closest to us who are most likely to commit violent acts against us. In the world of cybersecurity, it's human nature to anticipate external threats that are hard to see or understand; in other words, we are more likely to be on guard against unknown outside hackers than against our own internal people.
  • Inherent trust. You hire new people because you trust them. You believe in their capabilities. You believe in their competence. When you give them a company laptop, you expect them to use it responsibly. When you give them access to sensitive data, you expect them to keep it secure and private. This level of inherent trust makes it difficult to even acknowledge insider risks, let alone act on them. If you trust and appreciate all your staff members, you're less likely to anticipate the ways they could harm or jeopardize the security of your organization.
  • Miscalculation of risk. Some people miscalculate the risks associated with insider threats and external threats. It may seem like most data breaches and security threats are the result of coordinated cybercriminals who work independently to steal or destroy data. But as we'll see, insider threats are both more likely and more dangerous.
  • Budget issues. In rarer cases, insider threats are brushed aside because of budgetary or time allocation issues. If you restrict cybersecurity expenditures, your cybersecurity experts will likely focus on guarding against external threats before insider threats.

The Reality of Insider Threats

Approximately 60 percent of data breaches are attributable to insider threats – and that number is on the rise. The prevalence of insider security incidents has risen by 47 percent since 2018, and the average cost of an insider threat has increased by 31 percent since 2018.

It’s also important to note that not all insider threats are malicious in nature. It’s not just disgruntled employees or planted corporate spies who can compromise your internal systems; it’s also incompetent or poorly trained employees unwittingly violating your security policies or opening new vulnerabilities.

The Best Ways to Safeguard Your Business

So, how do you protect your business against insider threats?

  • Start with zero trust. The zero trust security model demands that businesses “never trust” and “always verify.” In other words, no user or device should ever be trusted by default, regardless of the network to which they’re attached or the presence or absence of previous verification. Consider adopting this model to help mitigate insider threats.
  • Physical security. If you have physical data centers, or even just an office full of people using laptops, it's important to employ physical security measures. Make sure your staff members don't have access to devices or equipment they don't truly need.
  • Access control. Along similar lines, it's important to employ restrictive access control. Generally, your employees should only have access to data and systems they genuinely need to do their jobs. The more tightly you restrict access to anything beyond what is essential, the better.
  • Education and training. Sometimes, insider threats can be prevented through simple employee education and training. This can help employees better understand the importance of following security protocols and make them more acutely aware of potential social engineering scams like phishing.
  • Tracking and monitoring. You should also understand key signals that could indicate an insider threat in progress. Once you identify these signals for your organization, employee tracking and monitoring systems can help catch threats before they become unstoppable.
  • Incident response planning. Finally, integrate insider threats into your incident response planning. What types of insider threats are most likely to jeopardize your business? If and when they unfold, what measures can you employ to stop the bleeding? Who's responsible for stepping in, and how should they handle the situation?

It's important to take insider threats seriously, even if you trust your employees, and even if your risk profile seems unalarming. Insider threats are both highly prevalent and highly expensive, so it's prudent to integrate key defensive measures as preventative actions to keep your business secure.
