The Insider Threat

News and information from the Advent IM team.

First of all, we need to understand: what is an insider threat?

An insider threat is a person who has authorised access to an organisation’s systems, data, or facilities, but who misuses that access to harm the organisation. This could include:

  • Stealing sensitive information: This could be anything from customer data to trade secrets.
  • Damaging or destroying systems: This could include deleting files, installing malware, or sabotaging hardware.
  • Disrupting operations: This could include sending spam emails, impersonating other employees, or spreading misinformation.

Insider threats can be malicious or unintentional. Malicious insiders are people who intentionally misuse their access to harm the organisation. Unintentional insiders are people who accidentally expose the organisation to risk through careless actions.

The insider threat is a serious and growing problem for organisations of all sizes. It refers to the risk that a person who has authorised access to an organisation’s systems, data, or facilities will misuse that access to harm the organisation. This could include stealing sensitive information, damaging or destroying systems, or disrupting operations.

What are the reasons for an insider threat emerging?

Insider threats are a serious problem for organisations of all sizes. They can cause significant financial damage and reputational damage, as well as operational disruption.

There are a number of factors that contribute to the insider threat. These include:

  • The increasing complexity of IT systems
  • The growth of remote work
  • The rise of social media
  • The economic downturn
  • Non-malicious causes, such as human error.

One of the most interesting insider threats, and the one that most companies should be more aware of and plan mitigation measures against, is the disgruntled employee. An employee could be disgruntled for several reasons, such as a grievance against a colleague or the organisation. Such an employee may have access to sensitive areas and/or information, and may use this access to tamper with, restrict or destroy that information, pass it to another party outside of the organisation or, as in the case of Edward Snowden, leak it on the internet for the whole world to see.

There is also the more recent case within the United Kingdom of Daniel Khalife, who was serving in the British Army and is currently remanded in custody awaiting trial, due to using his insider access to collect sensitive information on British Army Special Forces personnel and pass it on to Iran.

This tells us that the insider threat is real and still relevant, regardless of what industry you operate within. So how do we protect, as best we can, against the insider threat?

There are several things that can be used as mitigation measures against the insider threat, such as:

  • Policies (this list is not exhaustive):
    • Access Control
    • Acceptable Use
    • Clear Desk
    • Password Policy
    • Patch Management
    • Remote Access
    • Incident Management
    • Data Classification.
  • Technical Controls
  • Active Monitoring
  • Employee Screenings
  • Employee Training
  • Regular reviews of access lists by the appropriate personnel, such as line management.
  • Identify vulnerable areas
  • Where required, implement physical security.

We need to understand that regardless of how many controls we implement, we will never eliminate all insider threats; it's not feasible. Instead, what we can do is implement sufficient controls and monitoring to reduce the likelihood of an insider attack.
