The Call Is Coming from Inside the House: Insider Threats and How to Mitigate

By Cole Francum, Assistant Account Executive

It’s official: "Spooky Season" is here, and an often unnoticed, insidious monster lurks in the shadows, waiting to strike. No, not ghosts, goblins, or ghouls… but insider threats.

While not the same jump scare as Freddy Krueger or Michael Myers, insider threats pose a grave risk to organizations and their well-being. As Insider Threat Awareness Month wraps up, it’s important to reflect and take precautions to prevent them from wreaking irreversible damage.

We traced the call… What exactly is an “insider threat”?

An insider threat is a category of risk posed by individuals who have internal access to an organization's physical or digital assets. These individuals can include current and former employees, vendors, business associates, or contractors who have, or had, authorized access to an organization's internal computer systems and network.

Recent research from Cybersecurity Insiders and Securonix found that the share of organizations reporting insider attacks rose from 66% in 2019 to 76% in 2024, with a notable rise in incidents that resulted in multiple attacks. The report also found that 90% of the 450+ cybersecurity professionals surveyed said that insider attacks were as difficult to detect as external attacks, if not more so.

With that in mind, insider threats may display certain behaviors that can be identifiable red flags, including disgruntled or stressed-out attitudes, odd working hours, accessing confidential files, attempting to bypass security measures, or a general lack of adherence to security protocols. The motivations for these insider threats can range from financial gain to retaliation to coercion with external parties to a general lack of awareness. Any of these indicators should alert organizations and security leaders to investigate and take appropriate steps to mitigate the risks associated with insider threats.

“You’re a Monster!” Well…

Insider threats are not always the stereotypical image of a nefarious individual in a dark room with multiple computer screens. Sometimes, the culprits have a less expected profile. Let's take a closer look:

  • Malicious: These hostile individuals intentionally abuse their access to data for personal benefit or to inflict damage on the organization. This could include stealing sensitive information, sabotaging systems, or engaging in espionage tactics.
  • Third-Party: External parties with authorized access to an organization’s systems and sensitive information, such as vendors, contractors, or business partners, can also lead to insider threats.
  • Negligent: Individuals who neglect security protocols and best practices, including updating software, using weak passwords, or circumventing security measures, can be considered insider threats. Their irresponsible actions can inadvertently lead to a data breach.
  • Accidental: While not having malicious intent, individuals with careless actions may accidentally expose sensitive data. This includes making mistakes such as sending an email to the wrong recipient, incorrectly destroying documents, or falling victim to phishing campaigns.
  • Compromised: Malicious hackers may infiltrate an organization through malware or phishing attacks, gaining access to networks by impersonating legitimate insiders whose credentials or devices have been compromised.

Tricks = No Treats

Insider threats that result in a successful attack have severe consequences. Data leaks can compromise intellectual property or customer data, have costly financial consequences, and significantly disrupt business operations. The downtime to address cyber incidents and carry out recovery efforts can put organizations in a bind that can be ultimately devastating. Some insider attacks might go unnoticed or undetected for quite some time, which can exacerbate their impact and damage.

Outside of the breach of proprietary data and financial ramifications, there is a loss of trust and longstanding reputational damage that accompanies a successful incident. Compounded with undermined confidence and integrity, organizations can lose long-term business relationships along with the revenue they generate. They might also face legal fallout and extensive scrutiny or investigations from regulatory bodies.

Whatever you do, don’t… fall… asleep!

If it wasn’t obvious, insider threats should be taken extremely seriously and can be considered a do-or-die concern.

The human aspect of cybersecurity often gets overlooked in security strategies but should be considered a massive, ever-morphing vulnerability. In fact, recent research from Zerto, a client of Touchdown, found that human error accounts for almost half (46%) of all reasons for data becoming unrecoverable, making it the largest threat when it comes to data loss.

Having worked with multiple cybersecurity clients, I have a (somewhat) comprehensive list of effective ways to protect your company and sensitive information from insider threats:


  • Implement and build systems and products following CISA’s Secure by Design principles
  • Integrate Data Loss Prevention (DLP) software to monitor and control data transfer
  • Start regular penetration testing to simulate a real-world attack on your digital assets within a controlled environment
  • Employ Security Information and Event Management (SIEM) tools to detect and analyze security data from various sources
  • Integrate user activity monitoring tools to track and record potentially harmful insider activity
  • Limit employee access privileges to the minimum necessary for job functions and encrypt highly sensitive information
  • Establish a remediation and response plan that clearly defines steps to take in the event of an insider threat or data breach
  • Educate employees across all departments on security policies and best practices through continuous training sessions, workshops, and communications
  • Regularly remind and update employees on cybersecurity trends and common vulnerabilities and exposures (CVEs)

DON’T. SPLIT. UP.

It should be emphasized that while humans are the largest threat when it comes to data loss, they are also the biggest allies in a robust cybersecurity strategy. Organizations should promote a culture of security where protection and camaraderie are in the DNA of their day-to-day workflows. By combining technology solutions with company-wide security awareness and accountability, organizations can effectively mitigate insider threats and keep them from becoming a successful breach or attack.



Mary K. Gay

Retired Technology Executive

2 months ago

Great insights!

Great article and information to consider Cole!
