Organizational Resilience – Insider Threats

Created: Tuesday, September 27, 2022 - 14:36
Categories: Cybersecurity, Security Preparedness

The risk posed by insider threats is increasing. Organizations routinely fall victim to cyber attacks due to both intentional and unintentional insider threats. There are two broad categories of insider threats: the malicious insider and the unwitting asset. Malicious insiders can be motivated by financial or political factors or be driven by personal grievances against an employer. They may also be disgruntled former employees. While malicious insiders act with negative intentions, unwitting assets are also a concern. These are individuals who fall victim to a social engineering attack and unknowingly enable a compromise. In fact, one of Cisco’s employees fell victim to a social engineering attack and became an unwitting asset for a threat actor that was able to compromise the company.

To protect your utility against insider threats, it is highly recommended to establish an insider threat program. The program should include strict policies for identity and access management, regular account auditing, processes and procedures for collecting and monitoring employee data and activity, and regular user awareness training. With September being National Insider Threat Awareness Month (NITAM), now is the perfect time to strengthen your security posture against insider threats. For additional information on insider threats, read more at Cisco’s Talos Intelligence.