What are the common types of insider threats?
Insider threats can have a number of different objectives and motivations. Here are the six most common types of insider threats:
1. Negligent workers
Many organizations focus their insider threat management programs on addressing insiders with malicious intent; however, negligence is more common. In fact, 60% of data breaches involving an insider are primarily unintentional.
These types of insider threats take actions that unintentionally place the organization at risk. For example, an employee may leave an unencrypted mobile device or laptop containing sensitive data unattended where it could be stolen. These insider threats do not act out of malice but still place the organization at risk.
2. Departing employees
Employees departing a company, both voluntarily and especially involuntarily, are another common insider threat that organizations face. In this case, the most common threat is that of data theft, particularly with involuntary employees or those anticipating a departure. Involuntarily departing employees, as well as those anticipating departure, post the greatest threat.
While any intellectual property or company data generated or used by an employee belongs to the company, it is not uncommon for employees to consider their creations to be their own property. In fact, one-third of employees say it is common for workers to take data from their previous employer to their next position. This data theft can dramatically weaken an organization’s ability to compete in the marketplace.
3. Security evaders
Security policies and controls are designed to help protect the company, its data, and its employees. However, these rules are often viewed as inconvenient and a hindrance to employee productivity.
As a result, employees may use security workarounds to make their lives easier. For example, restrictions on data sharing could be bypassed by saving files to a personal cloud drive. However, these workarounds can destroy an organization’s visibility into and control over its data and leave it open to compromise (intentional or otherwise).
4. Malicious insiders
Malicious insiders are the focus of many organizations’ insider threat programs, but they are actually less of a problem than negligent employees. Malicious insiders are insiders that have a grievance against a company and choose to act on it. This could include leaking, modifying, or deleting sensitive data or performing other acts of sabotage.
5. Inside agents
Inside agents are insiders that work on behalf of an external group to carry out a data breach or other attack. These insiders can be malicious, may be tricked via social engineering, or could be coerced through bribery or blackmail. This type of insider threat is dangerous because it provides an outside group with the access and privileges of an insider.
6. Third party partners
The term “insider threat” causes most organizations to focus their attention and security efforts on their employees. However, not all “insiders” are on the payroll.
94% of organizations provide their vendors, suppliers, partners, etc. with access to their networks and their systems. In 72% of cases, these third parties have elevated permissions on these systems. These external parties can pose the same risks and cause the same damage as an organization’s employees with similar access.