The Risk is coming from Inside the House!
As I read more and more articles on the subject of IT Security and Governance, there is something that I have noticed that most of these published articles seem to be lacking. Almost all of them focus on protecting the organization from hackers and malicious 3rd parties but lack any coverage of Insider Risk.
In the past year, discussions with clients and with other IT security professionals have shown a narrow focus on defending against external threats. However, it is crucial to acknowledge that insider risk is a significant and often overlooked security concern. Despite this, many organizations have implemented only basic measures, such as using a data loss prevention solution on their email systems, to protect against insider threats.
Insider threats can be equally or even more damaging than external threats because insiders usually have legitimate access to sensitive information and systems.
With the goal of raising awareness and understanding of the risks posed by insider threats, this series of articles and stories will dive into the impact and consequences of these threats on organizations. From real-life case studies to insights, we will explore the different types and categories of insider threats, the motivations behind them, and the measures organizations can take to prevent and mitigate them.
Submitted for the approval of the Midnight Society... I shall call this series "The Threat is coming from Inside the house!"
Understanding Insider Threats: Types, Categories and Impact
Our story begins…
A healthcare organization compromised the personal information of 1.3 million patients by selling it to private insurance companies. The sensitive data, which included dates of birth, postcodes, and diagnoses, was used by the insurance firms to determine premiums based on illness trends, age, and geographic locations. (1) (2) (3)
A rogue employee unlawfully sold off confidential customer information from the company's support database to an external entity. Approximately 70,000 out of the company's total 12 million customers were affected, with the disclosed information including their names and phone numbers. (4)
A bank suffered a data breach after one of the bank's managers shared the banking passwords of 80 customers with a mortgage broker. The manager even went as far as resetting the passwords of these customer accounts before handing them over to the broker, putting sensitive customer information at risk. (5)
The unfortunate common theme
The three stories all involve incidents of insider risk in which someone within an organization had access to sensitive information and used that access inappropriately.
Defining Insider Threat
Insider threats are security incidents caused by individuals who have access to an organisation's systems, networks and data. (6) This threat affects organizations of all sizes and industries.
These individuals can intentionally or unintentionally compromise the organization's security by leaking confidential information, stealing data, introducing malware, or disrupting critical systems. Insider threats can come from a variety of sources including employees, contractors, partners, and other insiders who have access to the organization's information systems and data. They are a major security concern for organizations, as they can cause significant harm and financial loss.
They can be professional or personal (for example, an employee accidentally accessing sensitive data, or a contractor who becomes malicious and accesses confidential data to cause harm). Insider threats like these affect companies of all types and industries.
The topics below provide insight into what insider threats are, the types of insider threats, the severity of each type, and the risk associated with each type of threat.
What are Insider Threats?
As a business grows and collects more data, the likelihood of an insider threat increases. An insider threat can be either a malicious or unintentional event that causes a security breach. (7)
Intentional (aka Malicious) insider threats are when an employee intentionally steals or accesses sensitive data.
Unintentional insider threats can be subdivided into 2:
Categories of Insider Threat
Risky - This is when employees conduct activities that are unsafe and/or risky, such as downloading and/or transferring sensitive data.
Routine - This is when employees conduct activities that are expected and/or typical, such as routinely storing or accessing sensitive data.
Ongoing - This is when a threat continues for a significant amount of time, such as intentionally stealing or accessing sensitive data.
Idle - This is when an employee has no intent to cause harm, but is still a risk to the organization because they have access to sensitive data.
Risk Associated with Each Category of Insider Threat
Risky - The risk associated with a risky insider threat is low because there is low likelihood of damage and low risk of detection. The employee likely did not intend to cause harm. However, the employee could have been engaging in risky behavior, such as downloading and/or transferring sensitive data. This type of insider threat is low risk because it is unlikely to cause any damage, is likely to go undetected, and is most likely committed by an unintentional insider.
Routine - The risk associated with a routine insider threat is medium because the data is likely to be discovered and the chances of detection are likely to be high. An employee may be accessing or storing sensitive data without realizing it, such as when an employee uses a shared computer to store or access sensitive data. This type of insider threat is medium risk because it is likely to cause some damage and is likely to be discovered.
Ongoing - The risk associated with an ongoing insider threat is high because it is likely to cause significant damage and is likely to be discovered. An employee who intentionally accesses or transfers sensitive data for an extended period of time is engaging in an ongoing malicious insider threat. This type of insider threat is high risk because it is likely to cause significant damage, is likely to be discovered, and is likely to result in harm.
Idle - The risk associated with an idle employee is low because they have no intent to cause harm. However, they still have access to sensitive data and represent a risk because they may choose to cause harm with it. An idle insider threat is low risk because they have no malicious intent and are unlikely to cause harm.
Severity of Insider Threat
The severity of an insider threat is determined by the type of data accessed and the length of time over which it was accessed. For example, an employee accidentally and transiently accessing or transferring sensitive data poses little risk. An employee who accesses or transfers sensitive data over an extended period of time is engaging in a serious malicious insider threat.
Fraud, Fines and Friction
Insider threats pose a significant risk to organizations and can result in devastating consequences, including loss of sensitive information, financial losses, and damage to reputation. To effectively manage and mitigate these risks, it is essential for organizations to have a comprehensive understanding of the key risk factors associated with insider threats.
The following 5 risks represent the most prevalent forms of insider risk and highlight their potential financial impact:
Theft of Confidential Data: This risk involves insiders accessing sensitive or confidential information, such as trade secrets or customer data, and stealing it for personal gain or sharing it with unauthorized parties. Financial impact can include costs associated with legal proceedings and settlements, lost revenue, and damage to reputation and brand.
Fraud: This risk involves insiders using their access to information and systems for personal gain. This can include activities like falsifying records or manipulating data to obtain unauthorized benefits. The financial impact can include financial losses, legal penalties, and decreased public trust.
Intellectual Property Loss: This risk involves insiders misusing or stealing trade secrets or other intellectual property for personal gain or for sharing with competitors. The financial impact can include decreased competitiveness, legal penalties, and potential loss of reputation and brand.
Sabotage: This risk involves insiders intentionally causing harm to the organization, such as destroying data, disrupting operations, or sabotaging systems. The financial impact can include loss of revenue, increased operational costs, and damage to reputation and brand.
Compliance Breaches: This risk involves insiders violating laws, regulations, or policies that the organization is bound by. This causes friction between your organization and any regulatory body that you work with. The financial impact can include fines, legal penalties, and loss of reputation and brand.
Next up we look at Identifying, Assessing and Responding to potential insider threats. (coming soon)