Types of Insider Threat

How many types of insider threats can you name?

One? Three? Six? All of the above is likely correct, although most people would indicate one commonality in their answers: humans. Most would also separate this human threat into three categories: compromised, negligent, and malicious.

Compromised Threats

A compromised threat is the act of using another person’s credentials to access information and resources, often without the knowledge of the user. Malware is a common example of this, with viruses using whatever access the logged-on user has to the network. Specifically, hackers use phishing techniques to give themselves backdoors to systems and information they can use at will. We see this daily in our social world with hackers trying to steal personal information or identities and impersonating email addresses from relatives and friends.

Negligent (or uninformed, unaware, accidental) Threats

Companies typically put communications methods in place for employees to use such as email and instant messaging. They will also put technology in place to prevent sensitive information, (such as social security numbers or account numbers), from being sent using these methods, but users without proper security training often transmit information electronically that could either directly or indirectly expose confidential data.

People have long sent data from their work email to a personal email address so they could continue working on it at home. The document(s) are saved locally at home and sit there forever…just waiting to be stolen. These users are often just unaware of the potential impact their actions have on a business. We also see accidental deletions of files and data that could be disastrous for companies simply because the users have too much access to network resources.

Malicious Threats

Malicious employees are dangerous for many reasons. While employed, they have access to data, proprietary information, financials, etc., that if abused, could be used for personal gain or against the company. When triggered to anger, malicious employees assert  ‘revenge’ by willfully destroying or modifying data to hurt or hamper a company’s efforts in the market or its general operations. Contractors and vendors who work within a facility and have access to network resources can also provide information related to security practices or even actual data to outside sources. A high-profile example of this is a recent court case where automaker Tesla Motors sued a former employee for allegedly stealing data, claiming he wrote code that copied 300,000 files of Tesla’s Autopilot technology program for use at a competitor.

insider threat

What can I do about insider threats?

Trying to stay ahead of every possible threat could feel like a dog chasing its tail. Many technology providers offer software and/or hardware appliances that monitor and prevent certain types of intrusion, network activity, and file access. Users develop traits over time that software learns and can alert administrators when usage deviates from normal patterns, perhaps indicating a compromised user or other nefarious activity.

The education of users is important; many problems could be solved if users simply understood certain risks and the appropriate use of electronic tools. Also, using the Principle of Least Privilege (PoLP) is a good way to restrict and control access to network resources.

For as many insider threats exist, many more ways exist to prevent (or at least dissuade) them. Best practice is to have good backups and keep copies of data offsite, as your data—application data, customer data, or otherwise—is the heart of your business. Many of the threats mentioned in this post introduce malware or ransomware to an environment and involve the destruction or encryption of data. Backups should always be the first line of defense against data loss, and because of their value, they are often a target for a cyber attack. Keeping that data offsite is imperative.

Global Data Vault, a platinum Veeam Cloud & Services Provider, has helped companies recover from insider threats and attacks by maintaining secure backups. We have developed, and put in place, technologies to separate data from insider threats. In addition, we partner with cyber security company BitLyft to monitor and respond to suspicious behavior across our infrastructure, and we extend that perimeter to the backup data on-premises at your location.