According to the Department of Homeland Security, insider threats often result in theft or destruction of data or the compromise of networks, communications or other information technology resources.
Insider threats are on the rise, according to a study from The Ponemon Institute, sponsored by ObserveIT and IBM. The number of insider-caused cybersecurity incidents increased by 47 percent since 2018. The average annual cost of Insider Threats has also skyrocketed in only two years, rising 31 percent to $11.45 million.
As COVID-19 has forced organizations to suddenly halt operations or institute work-from-home initiatives, there is greater opportunity for security incidents and greater data security responsibility with less direct oversight. Remote work poses its own challenges for enterprise risk managers, as well, such as addressing evolving vulnerabilities and threats unique to new environments. One area that will need to be monitored now more than ever is that of the insider threat, argue many enterprise security leaders.
According to Insider Threat experts, being able to detect, mitigate and deter insider threats the approach must be a holistic balance between good cyber and security hygiene and programs. While many companies were forced to adapt quickly during the COVID-19 pandemic, one of the primary challenges they needed to address was allowing employees to work remotely. To keep business operations running continuously, organizations may rely on technology that is the easiest to use and offers the lowest barrier to entry.
New research released by the Ponemon Institute reveals a dramatic increase in both the frequency of insider threats and their financial cost to businesses. The trend has continued upward in 2019 and is anticipated to climb to unprecedented numbers in 2020.
Negligent employees or contractors, who were found to have caused 62% of insider threats, created the highest financial burden of the profiles, costing an average of $4.58m per year.
Malicious criminal insider threats were found to have occurred with the least frequency, making up just 14% of incidents. The financial ramifications of this rarer threat type were still significant, with researchers recording a per-incident cost of $756K and annual losses of $4.08m.
The insider threat costs organizations billions of dollars every year. It is arguably the biggest threat to the U.S. (and global) economy, global security and critical infrastructure.
One of the most alarming insider threats trends are often lurking in plain sight, working for corporations and institutions that would be aghast if they knew who they were employing.
Reporting is key to helping identify, mitigate and deter potential insider threats. If you see something that doesn’t feel or look right, report it!