Malicious Insider Threats Are More Complex Than You Think
Not All Malicious Insider Threats Are The Same.
Most employees have their company’s best interests at heart when they’re going about their workday duties. Unfortunately, not all employees feel that way. Malicious insider actions were responsible for an estimated 20% of confirmed data breaches in 2022. While it may not be pleasant to think about that, it is necessary for IT teams to account for the risks presented by malicious insiders. However, malicious insiders aren’t always easy to find within an organization. Worse yet, some malicious insiders are in a position to do a lot more damage than others, and that damage may be harder for IT teams to spot and handle quickly, leading to disaster.
How Much of a Problem is Insider Risk for a Business?
The choices that employees make every day have positive and negative impacts on their employers’ security. Actions by malicious insiders and mistakes by well-meaning employees are equally risky propositions for any organization. Insider risk is something that can’t be eliminated but it can be contained. That’s something every organization has to pay attention to because insider risk of all kinds is on an upward trajectory.
- Insider risk rose by more than 40% in 2021
- More than 60% of cyberattacks are attributed to insiders
- An estimated 55% of organizations say privileged users are their greatest insider threat risk
- More than 2 out of 3 insider threat incidents are caused by negligence
- Negligent employees create over 60% of security incidents
- More than 80% of data breaches involve a human element
- About 60% of organizations say insider incidents have become more frequent in 2021
- Businesses in the US encounter about 2,500 internal security breaches daily
- Over 65% of accidental insider threats come from phishing attacks
- The average global cost of insider threat has increased by over 30%
This data was excerpted in part from our eBook The Guide to Reducing Insider Risk.
What is a Malicious Insider and Where Could They Be?
A malicious insider is an employee who takes actions that cause intentional harm to their employer. They’re not just rank-and-file employees either. A malicious insider can hold any position in an organization’s hierarchy, from the front desk to the C-Suite. In fact, the farther up the food chain an employee is, the more privileges they have and the more damage they could potentially cause. In general, malicious insiders at any level can cause massive damage to a company fast. More than 60% of cyberattacks are attributed to insiders. Malicious insiders are generally judicious about their targets. After all, nobody wants to get caught. There are some commonalities in the departments that are most likely to be targets of or impacted by malicious insider activity.
The Top Departments for Malicious Insiders to Target
Finance | 41% |
Customer Success | 35% |
Research and Development | 33% |
Malicious Insiders Are Tricky to Spot
Malicious insider threats aren’t a one-size-fits-all proposition, but the 2021 Verizon Data Breach Investigations Report shows what some of the most common motivators of malicious insiders are. Some insiders are motivated by money, the most common reason that an employee chooses to act against their company. An estimated 70% of malicious insider breaches are financially motivated, chiefly through employees selling credentials or access to systems and data on the dark web. Another 25% of malicious insider incidents are caused by insiders motivated by a desire to steal corporate secrets like proprietary technology, blueprints, formulas and similar things. Around 4% of malicious insider incidents are caused by angry employees who want to damage the company. They sometimes choose to do that by deploying ransomware or deleting data. Malicious insiders may also sell or provide their access to a company to groups engaged in nation-state cybercrime operations. That typically falls into the “financial motivation” category although individuals may be driven by ideological motivations as well.
Another reason that malicious insider threats can be tricky to ferret out is that the employees involved won’t all be taking the same actions or after the same things. Fortunately, there are some actions that it is common for malicious insiders to take, giving IT teams a few red flags to look for.
The Top Malicious Insider Actions
Exfiltrating Data | 62% |
Privilege Misuse | 19% |
Data Aggregation/Snooping | 9.5% |
Infrastructure Sabotage | 5.1% |
Circumvention of IT Controls | 3.8% |
Account Sharing | 0.6% |
More Privilege = More Damage
While every malicious insider is a dangerous security problem, it’s safe to say that the more privileges an employee has within the company’s network, the more damage they’re capable of inflicting on that company. If that employee is security savvy or intimately familiar with their company’s security structure, it can be disastrous. Those employees, or super malicious insiders, know exactly how their company looks for insider threats and exactly which indicators would tip off security staffers. They also know the capabilities of their employer’s security measures and security team. Sometimes, they even know how to manipulate or bypass automated and software-based security measures to avoid detection. The super malicious insider accounted for 32% of malicious insider incidents investigated in 2021.
That high degree of knowledge makes super malicious insiders significantly more dangerous than your average insider threat. Unfortunately, the incidence of insider threats from insiders with a great deal of knowledge of their company’s security is on the rise. Researchers in a recent study discovered a 32% increase in the use of sophisticated insider techniques. Some of those techniques include using burner email accounts, something just under half of malicious insiders did. Researchers also observed a noticeable increase in the use of OSINT practices to conceal identity. A stunning 96% of security-savvy malicious insiders made sure to avoid raising red flags by avoiding techniques known in the MITRE ATT&CK framework.
Remote Work Magnifies Insider Risk
The rise of remote work has brought a panoply of new threats for IT professionals to handle. A report in Info Security Magazine detailed the growth of insider threats from remote workers between 2020 and 2021, and the findings are not anything IT professionals want to hear. Insider threats, both malicious and non-malicious, are on the rise in the remote work era. The overall volume of insider threats that resulted from the actions of remote workers grew by just under 45% in 2021. Associated costs for handling insider threats from remote workers jumped 34%, from $11.5 million in 2020 to $15.4 million in 2021.
Remote work is ideal for malicious insiders. It gives them more time and more opportunity to act without getting caught as well as enabling them to take malicious actions that might not be possible if they were working on site. For example, researchers noted a 200% year-over-year increase in data loss caused by insiders taking screenshots in virtual meetings. Remote work also makes it harder for companies to discover that they might have a malicious insider at work. It also leads to a longer gap between discovery and containment. In 2022, it takes an average of 85 days to contain an insider incident, up from 77 days in 2020.
Good Digital Risk Protection Mitigates All Types of Insider Risk
Strong security is essential for guarding against insider risk of any kind, and ID Agent can help. Schedule a demo of our digital risk protection platform today including:
Dark Web Monitoring with Dark Web ID
Dark Web ID – Is one of your users selling their password on the dark web right now? Don’t let cybercriminals sneak into your network to snatch your data with a compromised credential. Get the power of 24/7/365 human and machine-powered monitoring on your side, covering employee passwords, business and personal credentials, domains, IP addresses and email addresses.
Security Awareness Training with BullPhish ID
BullPhish ID – Organizations that regularly conduct security awareness training have up to 70% fewer cybersecurity incidents. Educate staffers on how to spot threats and reinforce good security behavior with training in phishing, ransomware, nation-state threats, password safety and a variety of compliance topics with 4 new videos added per month!
Don’t just take our word for it, see what these MSPs have to say: https://www.idagent.com/case-studies/