The rise of insider threats in the IT and security industry has been a major cause of concern for leaders in these fields. Insider threats are difficult to detect, expensive to mitigate, and can result in significant damage to a company’s reputation. Despite ongoing efforts to address insider threats, global risks and economic pressures continue to fuel their occurrence. While there is no foolproof solution to prevent insider threats, organizations can make a real difference by focusing on culture, engagement, and empowerment.
When one thinks of insider threats, the infamous case of Edward Snowden often comes to mind. Snowden’s actions, which resulted in the largest intelligence leak in history, have shaped the way insider threats are perceived. They are often portrayed as malicious individuals, either covertly sabotaging a company or acting as whistleblowers. However, in reality, most insider threats are caused by well-meaning employees who make mistakes or take shortcuts when it comes to security.
Studies have shown that these mistakes can range from something as simple as clicking on a phishing link to using unapproved AI tools. For example, a study conducted by Stanford University revealed that one in four employees admit to clicking on a phishing link. Additionally, our latest CyberArk Identity Security Threat Landscape Report found that 63% of security professionals reported increased risk due to employees using unapproved AI tools. Even legitimate AI use can lead to significant risks, as demonstrated by reports of a Microsoft AI team accidentally leaking 38TB of company data while contributing open-source AI learning models to a public GitHub repository. Moreover, employees often use personal devices to access company resources, violating corporate policies and unintentionally becoming insider threats.
It’s not just employees who pose a risk; third-party partners, consultants, and service providers who have access to sensitive corporate resources can also become unwitting or even malicious insider threats. The infamous Target breach was one of the first instances that shed light on the potential risks posed by third-party insiders. These individuals, despite having valid access for their respective roles, can set off a ripple effect of damage throughout interconnected digital ecosystems. As a result, security professionals now consider third parties to be one of the riskiest human identities.
Building a strong cybersecurity culture within organizations is essential to mitigate insider threats. According to the 2023 Verizon DBIR, 74% of all breaches involve the human element, whether through error, privilege misuse, use of stolen credentials, or social engineering. This underscores the importance of focusing on people alongside technology. As management consultant Peter Drucker famously said, “Culture eats strategy for breakfast.” Creating a cybersecurity culture requires effort from everyone within an organization.
Management plays a key role in setting the right tone, modeling secure practices, and driving cross-functional collaboration. They should also define processes to identify and address risky behaviors while delivering ongoing education and positive reinforcement that fosters trust and changes attitudes and habits. However, a recent Wall Street Journal report suggests that managers often miss opportunities to strengthen cybersecurity culture. Over-reliance on technology, failure to test incident response procedures, and annual check-the-box training are common shortcomings identified in the report. Given that the average data breach now costs $4.45 million, organizations must prioritize maintaining a security-first culture throughout the entire organization.
Employees and third-party users also need to understand the importance of cybersecurity hygiene and actively participate in mitigating insider threats. This requires reflecting on their own habits that may contribute to organizational risk, such as using unauthorized web apps, allowing family members to use corporate devices, or neglecting to protect credentials. Employee engagement is crucial, and organizations should provide regular training and awareness programs that educate workers about the ever-evolving attack landscape and common social engineering techniques like phishing, vishing, and smishing.
Encouraging bystander engagement is another valuable approach to mitigating insider threats. If an employee notices something suspicious, they should feel empowered to report it. However, this requires organizations to develop safe reporting methods that ensure anonymity and protect whistleblowers from potential retaliation. It is also important to establish clear signs and behaviors that may indicate potential internal threats and communicate transparent rules that reinforce personal accountability.
Other strategies to mitigate insider threats include implementing policies for compliance, separating duties, and dedicating resources to handling and analyzing insider threat information and activity. Technology can also play a vital role in mitigating insider threats when properly configured to address security gaps. For example, machine learning tools with adaptive security capabilities can help organizations baseline user behaviors and reduce false positives in detecting cyber anomalies.
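The user-behavior baselining mentioned above can be illustrated with a deliberately simple statistical version of what the adaptive tools do. The block below is an added example, not code from CyberArk or from any product the post refers to: it assumes one daily feature per user (files downloaded), a key=value audit-log format, and a constructed seven-day history, and it shows two false-positive guards that a per-user baseline makes possible (a minimum history length before a user is scored at all, and a minimum absolute deviation so that low-volume or zero-variance users are not flagged on trivial changes).

```python
"""Per-user behavioral baselining for insider-threat anomaly detection.

Added example, not CyberArk's or any vendor's code. Assumes a daily
"files downloaded" count per user; every value below is constructed.
"""
import statistics
from collections import defaultdict

# Constructed 7-day history of daily file-download totals per user.
HISTORY = {
    "alice": [12, 10, 14, 11, 13, 9, 15],   # light, steady user
    "bob":   [50, 60, 40, 55, 45, 65, 49],  # heavy but normal user
    "dave":  [5, 5, 5, 5, 5, 5, 5],         # zero-variance user
    "carol": [20, 22],                      # new joiner, too little history
}

# Constructed audit events for the day under review (key=value layout is assumed).
TODAY_LOG = """\
2024-05-08T02:14:00 user=alice action=file_download files=120
2024-05-08T09:30:00 user=bob action=file_download files=70
2024-05-08T10:05:00 user=dave action=file_download files=8
2024-05-08T11:40:00 user=carol action=file_download files=200
2024-05-08T11:41:00 user=bob action=login files=0
"""


def parse_events(text):
    """Parse 'timestamp key=value ...' lines into dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        fields = {"ts": parts[0]}
        for kv in parts[1:]:
            if "=" in kv:
                key, value = kv.split("=", 1)
                fields[key] = value
        events.append(fields)
    return events


def daily_totals(events, action="file_download"):
    """Aggregate the day's events into one feature per user: files downloaded."""
    totals = defaultdict(int)
    for ev in events:
        if ev.get("action") == action and "user" in ev:
            totals[ev["user"]] += int(ev.get("files", 0))
    return dict(totals)


def build_baselines(history, min_days=5):
    """Mean and population stdev per user; users with too little history get none."""
    baselines = {}
    for user, values in history.items():
        if len(values) >= min_days:
            baselines[user] = (statistics.mean(values), statistics.pstdev(values))
    return baselines


def score(baseline, value, z_threshold=3.0, min_abs_delta=20):
    """Return (z, is_anomalous).

    Two false-positive guards: a stdev floor of 1.0 so zero-variance users are
    not flagged on a trivial change, and a minimum absolute delta so small
    numbers never trip the z-score on their own.
    """
    mean, stdev = baseline
    z = (value - mean) / max(stdev, 1.0)
    return z, (z >= z_threshold and value - mean >= min_abs_delta)


def detect(history, today_log):
    """Score today's per-user totals against each user's own baseline."""
    baselines = build_baselines(history)
    todays = daily_totals(parse_events(today_log))
    alerts, unbaselined = {}, []
    for user, value in todays.items():
        if user not in baselines:
            unbaselined.append(user)  # route to manual review instead of alerting
            continue
        z, flagged = score(baselines[user], value)
        if flagged:
            alerts[user] = {"today": value, "z": round(z, 2),
                            "baseline_mean": baselines[user][0]}
    return {"alerts": alerts, "insufficient_history": sorted(unbaselined)}


if __name__ == "__main__":
    print(detect(HISTORY, TODAY_LOG))
```

Run as written, only alice is alerted (120 downloads against a baseline of 12 per day); bob's 70 is within his own normal range even though a single static threshold would have flagged him, dave's 5 to 8 change is suppressed by the absolute-delta guard, and carol is listed as having insufficient history rather than generating an alert.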
In conclusion, insider threats are a significant concern for IT and security leaders. Mitigating these threats requires a multi-faceted approach that encompasses culture, engagement, and empowerment. Organizations must foster a strong cybersecurity culture from the top down, with management setting the right tone and modeling secure practices. Employees and third-party users must be educated about the risks and actively participate in mitigating insider threats. Encouraging bystander engagement and implementing clear reporting methods are also crucial. By taking these proactive measures and leveraging technology effectively, organizations can enhance their defenses against insider threats and safeguard their critical assets.
