Trusted Insiders: The Hidden Risk Lurking Within Your Organisation
Trusted insiders already have legitimate access to your systems and data, which makes them a hidden but serious risk. This article explains the main threat types, the impacts they can cause, and why a proactive insider risk program needs people, process and technology working together.
Understanding the threats posed by trusted insiders and how you can protect your most sensitive and important information
In today's interconnected world, organisations face numerous external threats to their sensitive information and systems. However, one of the most significant and often overlooked risks comes from within: trusted insiders. A trusted insider is an individual who, due to their roles and responsibilities, has access to the most critical and confidential parts of your organisation.
Key takeaways
- Trusted insiders already have legitimate access, which makes misuse harder to detect.
- Insider threats are usually either malicious or non-malicious, and both can cause serious harm.
- A proactive insider risk program needs executive support, people, process and technology working together.
Who Are Trusted Insiders?
Trusted insiders can be employees, contractors, business partners or anyone else with legitimate access to your organisation's systems and data. They often possess a deep understanding of your operations, systems and security measures, making them uniquely positioned to cause harm, whether intentionally or accidentally.
The most common type of trusted insider who causes harm is an employee.
Types of Insider Threats
Insider threats can generally be categorised into two types:
Malicious insiders: These individuals intentionally exploit their access for personal gain, such as stealing sensitive information, committing fraud or sabotaging systems. Their motives can range from personal financial gain to sabotage on behalf of a foreign state actor or competitor, through to personal revenge.
Non-malicious insiders: Also called negligent insiders, these people are often unaware of the potential consequences of their actions. Non-malicious trusted insiders unintentionally expose their organisation to risk through careless actions, such as clicking on phishing links, mishandling sensitive or confidential data or failing to follow security protocols.
According to DTEX Systems' 2024 Insider Risk Investigations Report, 15% of departing employees take sensitive intellectual property with them while 76% take non-proprietary information.
To understand the types of insider threats, it is helpful to look at some of the most common malicious acts committed by trusted insiders, including:
- Data theft or exfiltration: Common examples involve employees stealing sensitive and confidential company information such as intellectual property, trade secrets and customer lists for personal gain, such as helping them secure their next role, starting a competing business, assisting a hostile state actor or selling the information to a competitor.
- Sabotage: This often involves a disgruntled employee seeking revenge, or a trusted insider who has been planted by a hostile foreign state or competitor to commit sabotage. The trusted insider causes intentional damage to systems and data, such as deleting databases or introducing malware.
- Collusion: This is a growing risk to organisations, especially those operating in emerging technology markets and competitive industries. Trusted insiders work with state-sponsored actors, cyber criminals or competitors to compromise systems and steal sensitive information.
The financial services, healthcare and technology sectors report higher rates of insider threats due to the sensitive nature of their data.
The good news
Research from Ponemon and the CERT Insider Threat Centre highlights that 60-70% of insider threats are due to negligence rather than malice.
The Impact of Insider Threats
When an insider threat materialises, the impacts on an organisation can be many and the consequences devastating, including:
- Financial losses: Theft of intellectual property, sensitive data breaches and fraud can lead to significant financial losses.
- Reputational damage: Public disclosure of cyber security incidents, data breaches and information theft can erode trust with customers, partners and stakeholders.
- Operational disruption: Insider attacks can disrupt critical operations, resulting in downtime and reduced productivity.
- Competitive disadvantage: Stealing commercially sensitive information can undermine an organisation's edge and help competitors gain an unfair advantage.
- Legal and regulatory penalties: Failing to protect sensitive information can lead to legal and regulatory action, including fines, for non-compliance with data protection and privacy regulations.
Time for change
Historically, organisations have used various IT tools to manage risks like data exfiltration. Today, many organisations still treat insider risk as an IT problem, addressed mainly with technical solutions.
A purely technical approach overlooks the human and behavioural aspects of insider threats and, at best, detects the issue only after the event. Data exfiltration is an organisation-wide issue that needs a comprehensive strategy involving people, processes and technology. Organisations must adopt a holistic approach to data security, addressing behavioural and cultural factors alongside technological solutions to mitigate insider risks.
A proactive insider risk program is one that is supported at the highest level, uses an organisation-wide approach that acknowledges employees are central to insider risk and utilises both technical and non-technical solutions to manage insider risks more effectively.
Why a Proactive Insider Risk Program is Essential
Proactively managing insider risks is crucial for safeguarding your organisation's most valuable assets. Imagine being able to detect suspicious or concerning behaviour as it evolves, before an incident occurs.
A comprehensive insider risk management program can help you:
- Recognise the risk: An insider risk management program can elevate this crucial risk to the executive level, making it an organisation-wide concern rather than just an IT issue.
- Identify and mitigate risks earlier: By continuously assessing and monitoring trusted insider activities, you can identify potential risks earlier and implement measures to disrupt them and reduce their impact.
- Enhance security posture: A proactive approach ensures that your security measures are robust and up to date, reducing the likelihood of insider threats.
- Foster a culture of trust and security: Educating employees about the importance of data security and their role in protecting sensitive information can help create a culture of vigilance and accountability.
Protect Your Organisation from Within
Insider threats are a significant risk to most organisations, but with the right approach they can be effectively managed and mitigated. Understand the threats posed by trusted insiders, then implement a proactive insider risk management program that takes an organisation-wide approach, has executive sponsorship and recognises the importance of both technical and non-technical solutions. Doing so helps your organisation move from reacting to incidents to proactively protecting its most sensitive and important information.
FAQ
What is a trusted insider?
A trusted insider is someone with legitimate access to an organisation's systems and data who can cause harm intentionally or accidentally. They may be employees, contractors or business partners.
What are the main types of insider threats?
The two main types are malicious insiders and non-malicious insiders. Malicious insiders deliberately misuse access, while non-malicious insiders create risk through negligence, carelessness or failure to follow security protocols.
Why are insider threats often missed?
They are often missed because organisations treat insider risk as a technical issue alone. A purely technical approach can overlook the human and behavioural factors involved and may only detect the issue after the event.
How can organisations reduce insider risk?
Organisations can reduce insider risk by using a holistic program that combines people, process and technology, supported at the executive level and aligned to both technical and non-technical controls.