Insider threats have long been a concern for businesses and the situation is only becoming more complex as technology evolves and cyber threats become more sophisticated. To help organisations understand and mitigate the risks associated with insider threats in 2023, we’ve created this comprehensive guide.

In this blog, we’ll be examining the various types of insider threats organisations can expect to see in 2023, analysing the potential impact of these threats on businesses, and offering recommendations for identifying and mitigating them.

Definition and Impact of Insider Threats

Insider threats are security incidents caused by individuals within an organisation, including employees, contractors and third-party vendors. These individuals have access to sensitive information and systems which they can exploit for malicious purposes or by accident.

Insider threats can have significant financial, reputational and operational impacts on a business. For example, a data breach caused by a malicious insider can result in large financial losses, damage to the company’s reputation and disruption to business operations.

Types of Insider Threats to Expect in 2023

Malicious Insider Threats

Malicious insider threats are security incidents caused by individuals who intend to cause harm to the organization.

This type of threat is especially dangerous because the individual has access to sensitive information and systems, which they can use for malicious purposes.

In recent years there have been several high-profile malicious insider threats, including the theft of trade secrets. This happened to General Electric in July 2022, when it learned that an employee had stolen over 8,000 sensitive files, in a breach spanning 8 years, because he wanted to start a rival business[1].

Let’s not forget the case of an employee who took revenge after a redundancy, which happened to Georgia-Pacific, a paper manufacturer. One of its former employees logged in using his (still valid) credentials and installed his own software, causing delays that cost the business over $1m in missed deadlines[2].

As technology evolves, so too do the techniques used by malicious insiders. It’s important for organisations to stay vigilant and keep their defences up to date to prevent these types of threats.  Defences don’t just mean firewalls and email security either – defences include access controls and Data Loss Prevention too.

Accidental Insider Threats

Accidental insider threats are security incidents caused by individuals who do not intend to cause harm to the organization but do so as a result of their actions.

They can result from simple mistakes, such as sending an email to the wrong recipient, or from a lack of understanding of security best practices.

There have been numerous cases of accidental insider threats in recent years, including the loss of sensitive information due to unencrypted devices or misconfigured cloud storage services.  A recent high-profile, accidental insider threat comes from Microsoft themselves.

Back in 2020, an investigation by the Comparitech Security Research Team revealed that Microsoft had accidentally left 250 million customer records (including IP addresses, locations, email addresses and more) exposed online in a database with no password protection – for 14 years.[3]

As organisations continue to adopt new technologies and processes, the risk of accidental insider threats will likely increase. It’s important for organisations to educate employees through Security Awareness Training and implement appropriate controls to prevent these types of incidents.

External Insider Threats

External insider threats are security incidents caused by individuals who have access to an organization’s sensitive information and systems, but who are not employees or contractors.

This type of threat is especially dangerous because the individual may not have a direct relationship with the organisation and may be more difficult to detect.

An example of a recent External Insider Threat is the theft of sensitive information by malicious third-party vendors, as was the case with Marriott Hotels back in January 2020. Hackers exploited the credentials of two Marriott employees and hacked a third-party program used to deliver services to guests. This allowed them to steal over 5 million guest records, which included a variety of Personally Identifiable Information. The ICO fined them over £18m as a result.[4]

As organisations continue to rely on third-party vendors and partners for essential services, the risk of external insider threats will likely increase. It’s important for organisations to implement appropriate controls and perform thorough due diligence on third-party vendors to prevent these types of incidents.

Analysis of the Potential Impact of Insider Threats on Businesses

Financial Impact

Insider threats can have a significant financial impact on a business. The direct costs associated include expenses related to the investigation of the incident, as well as any legal fees or compensation claims that may arise. Indirect costs include the loss of productivity and revenue that result from the disruption of business operations, as well as the cost of restoring systems and data to their pre-incident state.

Reputational Impact

In addition to the financial impact, insider threats can also damage a company’s reputation. Negative publicity from a security breach or data leak can erode customer trust and loyalty, making it more difficult for the company to attract new customers and retain existing ones. The long-term effects of reputational damage can be significant, affecting the company’s financial performance for years to come.

Impact on Operations

Insider threats can also disrupt business operations, leading to lost productivity and missed opportunities. For example, a malicious insider who gains access to sensitive information could use it to harm the company or its customers. An accidental insider who inadvertently exposes sensitive information could cause just as much harm. In either case, the result can be a loss of confidence in the company’s ability to protect sensitive information, leading to a decline in business performance.

Recommendations for Identifying and Mitigating Insider Threats

Security Awareness Training

One of the most effective ways to mitigate insider threats is to educate and raise awareness among employees. Security Awareness Training can help employees understand the risks of insider threats and the steps they can take to prevent them. This can include training on secure work practices, as well as regular security awareness briefings to keep employees informed of the latest threats and best practices for avoiding them.

Access Controls

Another key aspect of mitigating insider threats is to implement strong access controls. This includes controlling who has access to sensitive information, as well as monitoring access patterns to identify and prevent any potential threats. Access controls should be tailored to the specific needs of each business and should consider the type of information being protected, the number of employees within the company and the nature of their work.
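The still-valid credentials in the Georgia-Pacific case and the advice above to monitor access patterns both come down to reconciling leaver records against account state and authentication logs. The sketch below is an added example, not part of the original article; the log format, user names and all data in it are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data (not from any real system).
TERMINATED = {  # HR offboarding feed: user -> termination time (UTC)
    "jsmith": datetime(2023, 2, 1, 17, 0, tzinfo=timezone.utc),
    "apatel": datetime(2023, 2, 10, 17, 0, tzinfo=timezone.utc),
}
ACCOUNTS = {  # directory export: user -> is the account still enabled?
    "jsmith": True,   # offboarding missed this account
    "apatel": False,
    "mlee": True,     # current employee
}
AUTH_LOG = """\
2023-02-01T09:12:44Z jsmith vpn SUCCESS
2023-02-14T23:41:07Z jsmith vpn SUCCESS
2023-02-15T08:03:19Z mlee sso SUCCESS
2023-02-16T02:10:55Z apatel sso FAILURE
"""

def parse_auth_log(text):
    """Yield (timestamp, user, service, result) from 'ISO8601 user service RESULT' lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the audit
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, parts[1], parts[2], parts[3]

def audit_offboarding(terminated, accounts, auth_log):
    """Return findings for leavers whose access was not fully revoked."""
    findings = []
    for user in sorted(terminated):
        if accounts.get(user, False):
            findings.append(("ACCOUNT_STILL_ENABLED", user, None))
    for ts, user, _service, result in parse_auth_log(auth_log):
        left_at = terminated.get(user)
        if left_at is not None and ts > left_at:
            # A success means the credentials still work; a failure still merits review.
            kind = "LOGIN_AFTER_TERMINATION" if result == "SUCCESS" else "ATTEMPT_AFTER_TERMINATION"
            findings.append((kind, user, ts.isoformat()))
    return findings

if __name__ == "__main__":
    for finding in audit_offboarding(TERMINATED, ACCOUNTS, AUTH_LOG):
        print(finding)
```

Run on a schedule against real HR and directory exports, a non-empty result is a prompt to disable the account and review what the session touched.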

Incident Response and Recovery

In the event of an insider threat, having an incident response and recovery plan in place can minimise the impact and speed up the recovery process. This plan should include steps for identifying and containing the threat, as well as procedures for restoring systems and data to their pre-incident state. The plan should also include regular testing and updating to ensure that it remains effective and relevant.

Summary

In this guide, we have highlighted the various types of insider threats that organisations can expect to encounter in 2023: malicious, accidental, and external insider threats. We have also analysed the potential impact of these threats on businesses, including financial losses, reputational damage and disruptions to operations.

To mitigate these risks, organisations must implement a comprehensive security program that includes measures for identifying, preventing, and responding to insider threats. This includes regular security awareness training for employees, strict access controls, and thorough due diligence when working with third-party vendors. Additionally, organisations should invest in the latest security technologies, such as Data Loss Prevention (DLP) and advanced threat detection systems, to help protect sensitive information from insider threats.

In conclusion, insider threats are a major concern for organizations in 2023 and we cannot stress enough the importance of being proactive in addressing these risks. By staying informed, implementing appropriate controls and investing in the latest security technologies, organizations can effectively mitigate the risks associated with insider threats and protect their sensitive information.

Additional Reading:

[1] https://www.justice.gov/usao-ndny/pr/former-ge-engineer-sentenced-24-months-conspiring-steal-trade-secrets

[2] https://www.theadvocate.com/baton_rouge/news/courts/article_7f6ea818-f488-11e6-bada-eb1757011f89.html

[3] https://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/?sh=395f06704d1b

[4] https://www.bbc.co.uk/news/technology-54748843