Insider threat — attacks triggered inside a company by staff and members — are among the most expensive and difficult to track of all data breaches. Two-thirds of the cumulative data documents exposed in 2017 were an inadvertent product by insiders.
In fact, internal risks are liable for 60 percent of cyberattacks. Furthermore, over 2 billion documents were unintentionally exposed to misconfigured cloud storage and networked backup events, triggered by employee incompetence last year.
Insider Threat: Nonresponders
A tiny yet substantial proportion of the workplace population comprises nonresponders for activities relevant to sensitivity training. While such users do not wish to act negligently, they are among the population’s most dangerous participants because their actions match predictable trends.
During 2017, Verizon observed that about 4.2 percent of users would open the harmful connection attacked in any specific phishing program. Individuals with a long background of falling victim to phishing schemes will fall victim again.
While workers who behave regularly in dangerous ways are usually a subset of the population, the cumulative effect of workplace errors is overwhelming. A research report showed that both forms of negligence triggered 63 percent of the incidents reported last year.
Insider Threat: Inadvertent Insider
Simple negligence is the most prevalent type of insider danger, and often the most costly single category of risk to employees. Insider risks that suit this definition typically show positive conduct and comply with protocol, which result in breaches because of individual mistakes.
According to a recent study, simple misjudgment — such as keeping the intellectual property on vulnerable personal devices — caused two-thirds of breached records in 2017
Insider Collusion
Insider cooperation with malicious foreign threat actors is perhaps the rarest type of criminal insider attack. However, because of the elevated prevalence of attempts by sophisticated cybercriminals to hire workers through the dark web, it is still a danger.
One research put deception level, including deception between insider and intruder, at 48.32 percent of all accidents triggered by an intruder. Meanwhile, the collaboration between insider and outsider made up 16.75 percent.
Those accidents have taken many forms:
- About 37 percent of cases involve theft.
- Theft in intellectual property included around 24 percent of cases.
- Approximately 6 percent of cases reported fraud and robbery combined.
According to the same document, accidents involving collaboration are among the most costly forms of a violation. This can take four times longer to identify than events triggered by solo flying insiders.
Persistent Malicious Insiders
Criminal informants more often exfiltrate data or perpetrate such criminal activities directed at financial incentives or other immediate benefit. An analysis of illegal insider attacks showed that 62 percent of malicious-intentioned insiders are rated as “second streamers.”
Seniority has no connection to the activity level. Just 14 percent of persistently malicious insiders occupied leadership positions, and only one-third had privileged exposure to info.
Disgruntled Employees
Often among the most disruptive threats to a company are angry workers who conduct intentional vandalism or misuse of intellectual property as a final type of criminal insiders.
A study showed that 29 percent of workers stole details for potential benefits after retiring or being terminated, while pure sabotage inspired 9 percent.