6 Types of Insider Threats
60% of data breaches in 2020 involved an "insider," but because many companies focus data security programs only on malicious actors when designing an Insider Threat Program, only 10% of the budget is dedicated to dealing with this threat.
It's no surprise, then, that breaches involving insiders are only going up each year despite the focus on "insider threat."
The issue is that the problem is much larger than what malicious actors intentionally do. Effective cybersecurity risk management requires a clear understanding of the types of insider threats that an organization may face.
What are insider threat categories?
Insider threats can have a number of different goals, which vary with the type of insider. Some of the main categories of insider threats include:
The insider uses their legitimate access to damage or destroy company systems or data.
The theft, modification, or destruction of data by an insider for the purpose of deception.
Intellectual Property Theft
The insider steals the company’s intellectual property, often for resale or to take with them to a new position.
The insider threat is stealing information for another organization, such as a competitor, government, etc.
What are the common types of insider threats?
Insider threats can have a number of different objectives and motivations. Here are the six most common types of insider threats:
1. Negligent Workers
Many organizations focus their insider threat management programs on addressing insiders with malicious intent; however, negligence is more common. In fact, 60% of data breaches involving an insider are primarily unintentional.
These types of insider threats take actions that unintentionally place the organization at risk. For example, an employee may leave an unencrypted mobile device or laptop containing sensitive data unattended where it could be stolen. These insider threats do not act out of malice but still place the organization at risk.
2. Departing Employees
Employees departing a company, whether voluntarily or involuntarily, are another common insider threat that organizations face. In this case, the most common threat is data theft. Involuntarily departing employees, as well as those anticipating departure, pose the greatest threat.
While any intellectual property or company data generated or used by an employee belongs to the company, it is not uncommon for employees to consider their creations to be their own property. In fact, one-third of employees say it is common for workers to take data from their previous employer to their next position. This data theft can dramatically weaken an organization’s ability to compete in the marketplace.
3. Security Evaders
Security policies and controls are designed to help protect the company, its data, and its employees. However, these rules are often viewed as inconvenient and a hindrance to employee productivity.
As a result, employees may use security workarounds to make their lives easier. For example, restrictions on data sharing could be bypassed by saving files to a personal cloud drive. However, these workarounds can destroy an organization’s visibility into and control over its data and leave it open to compromise (intentional or otherwise).
4. Malicious Insiders
Malicious insiders are the focus of many organizations’ insider threat programs, but they are actually less of a problem than negligent employees. Malicious insiders are insiders that have a grievance against a company and choose to act on it. This could include leaking, modifying, or deleting sensitive data or performing other acts of sabotage.
5. Inside Agents
Inside agents are insiders that work on behalf of an external group to carry out a data breach or other attack. These insiders can be malicious, may be tricked via social engineering, or could be coerced through bribery or blackmail. This type of insider threat is dangerous because it provides an outside group with the access and privileges of an insider.
6. Third Party Partners
The term “insider threat” causes most organizations to focus their attention and security efforts on their employees. However, not all “insiders” are on the payroll.
94% of organizations provide their vendors, suppliers, partners, etc. with access to their networks and their systems. In 72% of cases, these third parties have elevated permissions on these systems. These external parties can pose the same risks and cause the same damage as an organization’s employees with similar access.
Managing the risk of insider threats
Insider threats – due to their unique access to a company’s data and resources – pose a serious threat to an organization’s cybersecurity. This makes them a common focus of cybersecurity risk management programs.
However, when developing a risk management strategy, it is important to make sure that you are focusing on and addressing the real problems.