There is an understandable and necessary focus on cybersecurity threats from external bad actors. But the risks from insider threats can’t be overlooked when thinking about security. As the name suggests, insider threats are cybersecurity risks from people inside an organisation. Insider threats originate from people with access to IT systems as part of their job function, at a user level or a privileged level if a system admin or a user of systems with critical or sensitive data.

Halodata: Insider Threat Report 2022 – Singapore Edition

Insider threats are more widespread than you might expect. The Insider Threat Report 2022 — Singapore Edition report we released last year outlined that 90% of organisations we surveyed felt vulnerable to insider threats, and close to half would not deny that they had experienced an insider threat incident.

The fact that only 10% of those asked could state that they didn’t feel vulnerable to insider threats shows that much work is needed to mitigate the danger. This is problematic as insider threats are hard to spot with solutions focused on external threats. Plus, staff using personal devices to copy enterprise data for work offline and out of the office are, by their very nature, not monitored.

Addressing insider threats requires organisations to have dynamic policies and solutions that operate in real-time 24×7 to detect abnormal activities on the network and IT systems. Solutions that build risk profiles of users and their typical use of applications and data are essential. Halodata’s solutions from vendors CoSoSys, Apricorn, Kanguru, and senhasegura provide Enterprises with proactive monitoring and threat detection tools that span online and offline operations and activities by staff. Using these tools and best practices allows organisations to reduce the threat from insiders significantly.

We have two articles that go into this topic and the findings from the 2022 report in depth:

• Insider Threats: A Growing Concern for Enterprise IT Security
• Insider Threats: What’s Holding Enterprises Back?

Read those articles and the 2022 report, then contact us to chat with experts who can help you mitigate your insider threats. Read on for a high-level overview of types of insider threats.

Types of Insider Threats

Insider threats fall into two broad types: intentional and unintentional. In the former type, employees with authorised access to systems set out to steal data, cause disruption, or provide access to unauthorised third parties with malicious intent or financial gain in mind. For the latter (unintentional) insider threats, the cause is typically user error rather than malicious intent.

Malicious Insider Threats

This type of insider threat is what most people think of when considering this topic. It is an activity carried out by anyone with authorised access to IT systems and data in which they seek to misuse their access for financial gain, data theft, or to disrupt operations. Malicious insider threat attack types include:

• Data theft – to sell to competitors or on the dark web.
• Financial fraud – for example, transferring funds to unauthorised accounts or paying dummy invoices.
• Sabotage – via disgruntled employees or staff bribed by competitors.
• Espionage – State-backed activity to steal intellectual property or disrupt critical infrastructure services.
• Malware introduction – financial gain for staff members via the paid introduction of malware into systems via USB drives and other methods.
• Credential leaking – intentional leaking or selling of authentic login accounts and related information.

Malicious insider threats can result from a single person with access, or they can result from multiple people colluding together to deliver the detrimental outcome they desire. Those performing malicious threats can be current employees, past employees (if their access wasn’t revoked when they left the organisation), contractors, or anyone from business partners or suppliers with access to fulfil a role.

Negligent Insider Threats

Negligent insider threats result from human error but are just as serious as malicious threats. People make mistakes, which you must factor into every cybersecurity defence strategy. Examples of this type of threat include:

• Exposing sensitive information in public settings – either by having it on a laptop or mobile device screen that is not locked when not in use or by leaving printed pages in a public location.
• Clicking phishing links – clicking on links in phishing emails (or other messaging systems) is still a significant source of cyberattacks gaining a foothold on IT systems.
• Information leakage – accidentally divulging sensitive data or other protected information to people not authorised to have it. A common example is sending an email to the wrong recipients.

Sources:

1. Insider Threat Report 2022 – Singapore Edition, Halodata, June 21, 2022, https://halodata.asia/SG-insider-threat-report