Table of Contents
With rapid advancement in technologies such as Cloud computing, Artificial Intelligence, Machine Learning etc. new threats are emerging in the IT landscape. The digital ecosystem of organizations is no longer confined within the physical boundaries with gates and physical access controls. The employees can be sitting in any corner of the world and working or accessing organization systems which have given rise to internal threats as well. The risk is not just from outside but insider threats are also on steep rise.
In today’s topic we will learn about insider threat and its types, measures to prevent or detect insider threats.
Understanding Insider Threats
It is a type of cyberattack which originates from within the organization from an individual having authorized access to the network and its resources. An insider threat could be from an existing employee or a former employee, consultants, business partners. It could be intentional or unintentional. The insider threats cause risk to organization data and resources where individuals have legit access to network, data and information. Insider threat may include espionage, corruption, degradation of resources, sabotage, terrorism or unauthorized disclosure of information. insider threat could open the door to ransomware or malware attacks for hackers. Cost of insider threats in 2020 estimated to be an average of $11.45 million out of 63% of insider threats arisen due to employee negligence.
Types of Insider Threats
Let’s look at various types of insider threats in this section.
Intentional
When an individual (existing or former) purposely harms organization systems and data. Usually such intentional attacks arise due to individual notions of lack of recognition or failure in meeting expectations such as promotions, increments , bonus etc.
Unintentional
Data loss or asset loss due to error or negligence by an employee. Accidental insider threats happen due to basic mistakes such as sending company information to the wrong email address, clicking on malicious links or opening malicious attachments in phishing mails , failure to dispose or delete confidential information in an effective manner such as leaving important business documents on the printer. These threats can be avoided with reinforcement of security policies and employee’s awareness towards security. Ignorance of IT security policies, misplacing portable storage devices, weak passwords usage, ignoring patches or software updates could lead to systems left vulnerable to cyberattacks.
Third Party Threats
A business partner or contractor involvement in exposing organization data. This could happen due to intentional or malicious intent or due to carelessness or negligence.
Malicious Threats
Intentional insider threat to cause harm to organization systems and data for personal gain or out of vengeance. The aim of such an attack is to leak sensitive data, harass leadership, sabotage corporate systems or steal data to gain career advancement. Stealing data is usually done to gain financially to sell to hackers, third parties or competitors.
Collusive Threats
In this kind of threat one or more insider individuals work with external partners. Usually a cybercriminal recruits an employee within an organization to steal data on their behalf for personal financial gains.
Indications of Insider Threats
- Backdoors to enable data access – Perform backdoor scans to scan or monitor systems
- Remote access – Instances of remote access software such as TeamViewer or AnyDesk
- Changed passwords – If old password not working it could have been an insider attacker changing them to enable themselves to gain access to resources
- Unauthorized changes in firewall and antivirus tools – Settings of firewalls and antivirus tools modified without an authorized change request
- Malware – Discovery of malware, it is important to understand when and how it was installed
- Unauthorized Software – Check for any unauthorized software got installed recently
- Access attempts to servers or systems having confidential information need investigation and tracking
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)
