When the COVID-19 lockdowns began in March 2020, the number of remote workers surged from 9% to 77% in a matter of weeks, a transition that more than half of the firms surveyed by Iometrics and Global Workplace Analytics acknowledge they were unprepared to make.
Recognizing an opportunity to exploit the crisis, cybercriminals quickly launched a massive phishing campaign targeting consumers and remote workers. According to the Cybersecurity and Infrastructure Security Agency (CISA), insider security breaches skyrocketed, increasing 47% over 2018 and driving a 31% increase in average costs to $11.45M.
What could account for this massive increase in insider threats? Does working from home make employees more likely to behave like cyber criminals? The short answer? No. Malicious intent is only rarely involved.
In its report, Ponemon attributes these costs to “monitoring and surveillance, investigation, escalation, incident response, containment, ex-post analysis and remediation.” Notably, the costs for investigation are growing fastest, rising 86% in only two years to average $103,798.
Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
Types of Insider Threats
According to a Ponemon Institute survey, insider threats (also known as internal threats) can generally be assigned to one of three categories and cost ranges:
- Compromised insiders who are often unaware that their systems, credentials, or access privileges have been appropriated by an external threat actor.
- Careless or negligent insiders who cause harm inadvertently. For example, an employee sends an email containing personally identifiable information to the wrong email address. Incidents caused by negligent insiders cost organizations the least, “only” $307,111 on average. But since they comprise 62% of reported incidents, the totals can add up quickly to as much as $4.58 million annually. Although unintentional, errors like these can seriously damage a company’s reputation and result in severe regulatory penalties.
- Criminal or malicious insiders committing acts of theft, sabotage, or espionage. Although they attract the most notoriety, criminal and malicious insiders accounted for only 23% of insider attacks cited in the survey. However, given the $755,760 average cost of each such attack, the sum can reach $4.08 million annually. Insiders like these may be motivated by financial distress or political/religious ideology, may be seeking revenge for perceived wrongs or work conflicts, or may have been swayed by inducements from cyber-criminal and state-sponsored threat groups.
Insider Threat Detection Challenges
Risky insiders look very much like their innocent colleagues. They use networks and data to do their jobs. They’re assigned privileges and expected to use them productively. Sometimes, however, organizations can detect behavioral and digital early warning signs that an insider incident is imminent or already in progress.
Behavioral Warning Signs
- Repeated attempts to evade security controls
- Flagrant violations of acceptable use policies
- Hostile outbursts aimed at colleagues and supervisors
Digital Warning Signs
- Frequently logging into company databases outside of normal work hours
- Emailing large quantities of data to external entities
- Accessing sensitive data that is not pertinent to the worker’s role and responsibilities
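One way to turn the three digital warning signs above into detection rules, as an added example that is not part of the original article. The event schema, work hours, thresholds, role-to-data map and domain names are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values (hypothetical; tune to your environment).
WORK_HOURS = range(8, 18)            # 08:00-17:59 local time
OFF_HOURS_LOGIN_LIMIT = 3            # "frequently" = 3 or more off-hours DB logins
EXTERNAL_BYTES_LIMIT = 50_000_000    # 50 MB mailed outside the organisation per user
INTERNAL_DOMAIN = "corp.example"     # placeholder internal mail domain
ROLE_DATA = {"hr": {"hr_records"}, "engineer": {"source_code"}}

# Constructed sample events, not real logs.
EVENTS = [
    {"ts": "2020-04-06T23:10", "user": "alice", "role": "engineer", "type": "db_login"},
    {"ts": "2020-04-07T02:40", "user": "alice", "role": "engineer", "type": "db_login"},
    {"ts": "2020-04-08T01:05", "user": "alice", "role": "engineer", "type": "db_login"},
    {"ts": "2020-04-08T10:00", "user": "bob", "role": "hr", "type": "db_login"},
    {"ts": "2020-04-08T11:00", "user": "bob", "role": "hr", "type": "email",
     "to": "x@mail.example.net", "bytes": 60_000_000},
    {"ts": "2020-04-08T11:30", "user": "bob", "role": "hr", "type": "email",
     "to": "carol@corp.example", "bytes": 90_000_000},
    {"ts": "2020-04-08T14:00", "user": "alice", "role": "engineer",
     "type": "data_access", "category": "hr_records"},
    {"ts": "2020-04-08T14:05", "user": "bob", "role": "hr",
     "type": "data_access", "category": "hr_records"},
]

def detect(events):
    """Return {user: sorted list of digital warning signs raised}."""
    off_hours, ext_bytes = defaultdict(int), defaultdict(int)
    flags = defaultdict(set)
    for e in events:
        user, kind = e["user"], e["type"]
        hour = datetime.fromisoformat(e["ts"]).hour
        if kind == "db_login" and hour not in WORK_HOURS:
            off_hours[user] += 1
        # Only mail leaving the organisation counts toward the volume limit.
        elif kind == "email" and e["to"].rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN:
            ext_bytes[user] += e["bytes"]
        elif kind == "data_access" and e["category"] not in ROLE_DATA.get(e["role"], set()):
            flags[user].add("out_of_role_access")
    for user, n in off_hours.items():
        if n >= OFF_HOURS_LOGIN_LIMIT:
            flags[user].add("off_hours_db_logins")
    for user, n in ext_bytes.items():
        if n > EXTERNAL_BYTES_LIMIT:
            flags[user].add("bulk_external_email")
    return {u: sorted(f) for u, f in flags.items()}

print(detect(EVENTS))
```

Because most insider incidents are unintentional, a flag from rules like these is a prompt for review rather than evidence of malicious intent.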