Digital Forensics Dispatch
Digital Forensics Blog
by Sensei Enterprises, Inc.
Insider Threats: Who are they? What are they?
November 4, 2021
Rob Ellis of Security Boulevard recently published an article about some of the common types of insider threats. Insider threats come from actors who have legitimate access to some or all of the data within the organization, such as employees, business partners or contractors. According to the Verizon 2021 Data Breach Investigations Report executive summary, among small businesses, inside threat actors accounted for 44% of breaches. Among large businesses, categorized as those with over 1,000 employees, that number is 36%.
Ellis lists four categories as the main goals of inside threat actors: fraud, sabotage, espionage/spying, and IP (intellectual property) theft. In addition to identifying these goals, Ellis classifies inside threat actors into five categories. The first is malicious insiders: an individual or group of people who have a grievance against the company and try to take things into their own hands. Ellis gives the example of an employee leaking a policy or sensitive company data.
The second identified group is careless employees. Ellis writes “[negligent] employees are found in almost every organization and sometimes they are just not aware of the many security implications that their behaviors pose to the company.” An example of careless behavior is an employee leaving a computer unlocked when stepping away from it, which leaves company data accessible to anyone who walks by.
Next are the third-party partners. These partners are often the other parties that a business outsources services to. If the third party has access to secured areas of a network, or to a physically secured area such as a server room or data center, it is possible that threat actors could gain inside access through these partners.
Ex-employees are also identified as inside threat actors. These are people who had legitimate access to company resources while they were employed. If the out-processing of the employee is not handled with care and their access to data is not revoked, it is certainly possible that they can still access that data and use it for nefarious purposes or steal confidential information from the company.
The last actors are policy evaders. Ellis identifies these actors as “the group of employees who like to take shortcuts when it comes to following security policies and protocols.” Policies are often put in place for a reason, and not following them, or following them only loosely, creates a possible security risk that could lead to a loss of data or even a breach of company security.
To close the article, Ellis gives a few tips and pointers on how to best manage insider threats. Much of this relies upon educating employees on good cybersecurity practices and policies.