Insider Threats: Red Flags and Best Practices

Many businesses are finding the source of their greatest concerns are trusted employees with whom they interact every day.

The insider threat is growing, with more than half (53%) of organizations confirming insider attacks in the past 12 months and 27% stating they have become more frequent, according to a new study. High-profile incidents and news headlines have both spread awareness of the growing problem.

Ninety percent of businesses feel vulnerable to insider attacks, according to the new study by Cybersecurity Insiders. The group polled its member community of 400,000 people to learn about trends, insights, and guidance for its 2018 Insider Threat Report.

"You can see trend lines over time," says Holger Schulze, founder and CEO of Cybersecurity Insiders. "There is increased awareness not just that insider threats are real, but if and when they occur, they can be much more harmful than malicious attacks from the outside."

[Join Jean Marie Handy, senior threat researcher at Carnegie Mellon's Software Engineering Institute, for a conversation on "Detecting and Stopping Insider Data Leaks" at the INsecurity Conference, Nov. 29-30 in National Harbor, Md. Use code DR100 to save $100.] 

Not all insider attacks are malicious in nature, says Jon Heimerl, manager of the threat intelligence communication team at NTT Security. Data from the company's latest Quarterly Threat Intelligence Report indicates 25% of insider threats are hostile; the remaining 75% are due to accidental or negligent activity.

While accidental threats are more numerous, malicious insiders could cause more damage.

"A malicious insider - a guy who gets a job and does industrial espionage or gets disgruntled - those breaches tend to be bigger because they have more access to a lot of data and know exactly where to look to find data to steal," says Heimerl. "That's the problem hackers usually have. They have to find what, and where, that cool data is."

How to know if an insider threat is imminent? Many organizations are trying to figure it out. Insider threat detection is the top focus for 64% of companies, followed by deterrence methods (58%), and analysis and post-breach forensics (49%).

"Organizations realize deterrence is important, but at the end of the day they have to assume - especially larger organizations - there are active insider threats and insider attacks occurring," Schulze notes.

Here, the experts lay out red flags and best practices to help you determine when an insider threat is happening and what you can do to protect yourself. Read on for more: