Insider Threats Increasingly Put Organizational & Individual Data At Risk

One of the top news stories of the recent cycle is the leak of highly sensitive, classified government documents by a 21-year-old member of the Massachusetts Air National Guard. The trove of documents, which first appeared on the Discord social platform, contains intelligence from numerous government agencies related to foreign nations, both adversaries and allies, as well as information related to the Ukraine-Russian war. The Consumer Financial Protection Bureau also recently experienced an insider breach resulting in 250,000 personal files being exfiltrated to a personal account.

Whatever the motivation for leaking this classified material, the prevalence of insider threats to businesses and organizations, including the federal government, is a growing problem.

Just last month, The White House released its “National Cybersecurity Strategy”, the first pillar priority being ‘Defend Critical Infrastructure’. This would include military intelligence and other confidential government material. The point here is that once mission- or business-critical data is identified, its protection should become paramount.

Data is valuable. Experian research indicates approximately 85% of all organizations consider organizational data as being among their most valuable assets. The sheer amount of data any entity holds includes client account information, employee records, financial transactions, and intellectual property. Depending on the industry, some data requires certain protections by law, thus indicating its value to the owner, manager, and threat actors seeking financial gain by selling stolen data.

The accompanying chart compiled by Invisibly captures some of the financial value, which, when calculated at the scale following a massive breach, is truly lucrative. Furthermore, Forbes reports it costs $1,010 to purchase the amount of data needed to steal an identity, indicating the potential for profit.

Whether dealing with an insider threat, like the case of the Guardsman, or a state-sponsored threat actor, clear delineations and policies must exist to safeguard critical data.

Retired Navy Rear Admiral Mark Montgomery captured the challenge of data protection when asked by Axios reporters about the leak of classified documents: “IT and cyber personnel are often given access to things as part of their administrative 'access,' but the assumption is they don't review the content.” My emphasis.

There is a reason one of the leading data security protocols is called zero-trust: the protection of sensitive data is the priority, necessitating the exclusion of certain individuals from gaining access.

At SpearTip, our security assessments leave no stone unturned in examining how your organization leverages your current technology. We review application and operating system access controls and analyze physical access to your systems. We conclude with detailed reports and recommendations to keep you compliant and safe, according to industry standards. 43% of data breaches involve attacks against web applications. Protect your organization from breaches that originate through web applications with our comprehensive assessments.

Ponemon Institute concludes that “62% of data breaches” are caused by insider threats, regardless of intent. WatchGuard Technologies puts this number at 20%. The reality of the matter is likely somewhere in between.

Without regard to the actor or their motivation, all organizations—and particularly those that manage, handle, and transmit highly sensitive data—must take every precaution to ensure the information is only used as intended and does not fall into the wrong hands.

Optimized cyber hygiene requires a partner who can conduct a thorough investigation of your security environment from top to bottom, including policies, personnel, and privilege access management; it requires an incident response plan to ensure any breach is contained swiftly and before highly sensitive data can make its way to Discord; it requires active monitoring and threat remediation capabilities like those offered by SpearTip’s ShadowSpear Platform, a fully managed security toolset powered by our 24/7/365 SOC because there is no telling when or where a threat actor might strike.

Troy Acord

Pit Floor Supervisor Beau Rivage Casino and Resort

1 year ago

An interesting article!!
