IS Decisions Blog

Better understanding the insider threat

A huge percentage of breaches involve internal users. But the insider threat is often either not well understood, or underestimated. Here's what to know.

Updated October 17, 2023
Here's the reality: many, if not most, security breaches involve internal users in some way. This risk is known as the insider threat. Creating a culture of cybersecurity with and for your employees is paramount in helping to safeguard your company against insider threats.

It's a well-known fact that cyberspace cannot be secured without the help of all users.

We spoke with Greg Cullison, who was at the time the Senior Executive of Security, Suitability & Insider Threat programs at Big Sky Associates. We discussed how creating a culture of cybersecurity at work helps organizations tackle their weakest link: employees.

Definition of an insider threat

“In our industry, insider threat is essentially any threat that relates to information on the network, and it could be either a malicious act or due to just plain negligence. Insider threats can follow three channels. The most common is the employee who has legitimate access to the system and data as part of their job. Then there is the outside worker who is temporarily contracted to do a job within the company. And finally, there is the "outside insider" who gains access to the network through the acquisition of passwords or a lost device such as a laptop or USB stick.”

Targeted information

“If you look at it from a data perspective, every organization has some type of data that makes it unique. This could be a customer list or a business strategy, anything that has economic value or is a financial driver. So no organization is immune from insider threat.”

Protection against the insider threat

“Training is as important as is having the right security software in place. However, there should be a collective responsibility in protecting company information. This is where we bring in process improvement. Our strength is in process improvement projects where we look at what has been missed. By uniting processes and merging functions, you can address issues more effectively. For example, with IT and HR working together, you can have a policy in place to monitor an employee who might have been flagged as having grievances or performance issues.”

“Organizations should get all the right stakeholders in one room to really understand what they are trying to achieve in terms of security and from there create a robust insider threat program that is part of the business process.”

Company training to tackle insider threats

“Training is a staple in every organization. But often after employees go through security training, they sign a form and the task is done. This is not enough. Companies should follow up on training, because here is where the danger lies if there are no reminders. Organizations have to understand what they need to achieve and then set policies in place to meet these objectives.”

“Repeated training can be quite boring, and attendance is in no way a measurement of effectiveness. So training needs to be part of the overall process improvement, so we recommend exercises with employees where someone poses as an insider and does activities to really test out your system.”

Industry regulations and compliance for internal security

“In the U.S., there is a lot of regulation, and in industries that have personal and public involvement, like in healthcare, it is taken very seriously. New malware is being written every day, and from a legal perspective, organizations can often say that they were compliant in line with government regulations, but that does not necessarily stop a breach. Media coverage on breaches also gets organizations to take notice of compliance because if there is a breach, they don’t want the same thing to happen to them. Talking to organizations about compliance and risk in terms of revenue losses helps them relate to it better.”

“So most organizations meet regulation needs, but they should do more than that: they should make risk management part of the whole-company strategy. Everyone should know what to do in the event of a breach.”

When it comes to protecting against the insider threat, a joined-up approach of better user education, process and technology solutions across the whole enterprise best protects an organization.
