Insider Threat Awareness – Understanding and Mitigating the Risk of Insider Threats

Every organization is vulnerable to insider threats. As more organizations migrate their business operations to digital platforms the risk of a compromise due to an insider threat will continue to grow. Research for the latest Data Breach Investigations Report from Verizon found that 74% of data breaches involved a human element, highlighting the enduring risk both malicious and unintentional insider threats pose.  

According to the cybersecurity firm Tessian, insider threat incidents increased by 47% between 2018 and 2020. Water and wastewater utilities, specifically, have experienced multiple insider threats incidents over the past few years, such as the incident in Kansas where a former employee pleaded guilty to unauthorized computer access with intent to harm. This summer, a former water utility employee was charged for reportedly accessing the network of the utility and then purposefully uninstalled the main operational and monitoring system for the water treatment plant and then turned off the servers running those systems causing a threat to public health and safety. With September also being National Insider Threat Awareness Month, now is the time for organizations to assess their risk and implement an effective insider threat program. Proofpoint classifies insider threats as careless insiders, malicious insiders, and compromises. Despite the differences, an effective insider threat management program will help mitigate against all potential insider threats.

The best defense against an insider threat is creating an insider threat program. Some important considerations for managing insider threats include fostering a more open work environment, particularly employing positive incentives over negative ones. For instance, researchers at Carnegie Mellon University recommend that organizations leverage positive-incentive-based organizational practices centered on increasing job engagement, perceived organizational support, and connectedness at work. In addition, leaders throughout an organization should be trained to be aware of factors that put employees at risk of becoming an insider threat. More often than not, leaders are best positioned to spot and help struggling employees before they become an intentional or unintentional insider threat. Implementing frequent user awareness training is also an important consideration, treating training as a process and not a singular event can help to socialize the expectations of managing insider threats throughout an organization. Additionally, the program should consist of strict policies for identity and access management, conduct regular account auditing, and establish processes and procedures for collecting and monitoring employee data and activity. Read more at Proofpoint or at Forcepoint.