Examples of Real Insider Threats And How to Manage Them

Tessian • Tuesday, March 22nd 2022

Insider threat management is something every security leader should have a plan for. Why? Verizon’s 2022 Data Breaches Investigations Report found that 82% of data breaches involved a human element, whether through someone exposing or exfiltrating data directly or through a mistake that enabled cyber criminals to access the organization’s systems.

Digital insider threats can be incredibly disruptive, and can see your data, IP or other sensitive company information leave your organization with just a few clicks. That can mean maliciously exfiltrating information for some sort of financial or other gain, or simple carelessness, such as negligently sending something to the wrong person.

Different types of insider risks

Malicious insider risks: According to the Ponemon Institute’s Cost of Insider Threats Report, malicious insider risks accounted for 13.8% of insider threats in 2020. Malicious insiders usually attempt to exfiltrate critical company data, such as customer records, sales information, intellectual property, or financial records. The type of data stolen often depends on the individual’s circumstances.

If they’re leaving for a rival firm, they might take sales information or internal pricing intel to sweeten their arrival at the new role. Sometimes the gain is monetary: selling company intel to third parties or even nation states. And finally, there’s good old-fashioned vengeance: disgruntled employees who’ve been let go from a company but still have access to systems can sometimes resort to sabotage. See real examples of malicious insider risks here, as well as how to stop them.

Negligent insider risks: The Ponemon report cited above found negligent insiders are the most common type of threat, accounting for 62% of all incidents. After all, not everyone has malicious intent, but everyone is capable of making a mistake on email. While both types of insider risk are dangerous, malicious insider threats can sometimes be much harder to detect, as employees try to cover their tracks. So how common are misdirected emails? Tessian’s own research reveals that, on average, 800 emails are sent to the wrong person every year in companies with around 1,000 employees. This is 1.6x more than IT leaders estimate.

There’s also a blend of the two, where someone knowingly sends information out of the company, but misguidedly believes they’re allowed to do so, for example, wanting to work on something over the weekend. While not malicious in the traditional sense, it’s still probably a breach of company policy. 

What makes responding to any insider risk difficult is that these risks are often hard to detect. And while you might have locked down laptops, USB ports and filing cabinets, there’s always email. Email is the primary way nearly every company communicates with its customers, suppliers, and partners. The average worker receives over 100 emails a day, and sends around 40.

Stopping insider threats by email is made harder as employees often have legitimate access to systems and data, as well as the means to exfiltrate it, via email. Indeed, for some teams like finance, moving data in and out of the organization via email is a large part of their actual job. Stop that and you stop the business from functioning. 

It’s important to understand insider threat types. By exploring different methods and motives, security, compliance, and IT leaders (and their employees) will be better equipped to detect and prevent insider threats and avoid a data breach.

Why insider threat management matters

What’s noteworthy about any insider threat is the human aspect. People make mistakes, either knowingly or accidentally. But with intelligent cloud email security that understands human behavior, identifies and surfaces unusual patterns, and increases visibility for security teams, organizations can begin to tackle insider threats head-on, save time, and stop insider threats turning from simple mistakes or malicious intent into full-blown incidents.