Taylor Caldwell published her book, The Pillar of Iron, in 1965. The novel discusses how a man living in ancient Rome struggles to save the Roman Empire from the forces of tyranny.
The tyranny he was referring to would be called insider threats today. In one of the most captivating passages in the novel, Caldwell writes:
An organization can survive its fools and even the ambitious. But it cannot survive deceit from within. A malicious actor outside the network is less formidable, for that threat is known, and the tactics, techniques, and procedures can, at times, be identified. But the insider moves amongst those within the network and the organization freely, the insider’s sly actions crawling through the network, and even gaining the trust of colleagues from within the organization itself.
The insider [is] so dangerous because they know the organization’s ways. They know exactly how to hurt you if they are determined enough, regardless of motivation, often driven by one or more of money, ideology, compromise, or ego.
Note: While the author used the term “network” throughout this passage, we should not confuse this with a “computer network.” In 1965, few organizations had anything that resembled a computer network, and they certainly were not found in ancient Rome.
Types of Insider Threats
Interestingly, when we think of insider threats today, we most often think of attacks by one or more employees on an organization’s computer and data systems.
But according to the Cyber and Infrastructure Security Agency (CISA), insider threats can also include:
- Espionage (Spying)
- Acts of terrorism
- Unauthorized disclosure of information
- Corruption, including participation in transnational organized crime
- Sabotage (of data, property, or equipment)
- Workplace violence
- Intentional or unintentional loss or degradation of departmental resources or capabilities
As to how many insider threats occur each year in the U.S., it is hard to determine. Many companies, organizations, and even government agencies do not report them for a variety of reasons.
However, according to the Ponemon Institute, a private research group that focuses on IT-related insider threats, there were about 3,200 such incidents in 2018. By 2020, that had jumped to 4,716. There probably were hundreds more insider threats that were not IT-related.
Before discussing this topic further, we should define exactly what we mean by insider threats. According to the U.S. Community Emergency Response Team (CERT), an insider threat is:
The potential for a person with access to an organization’s assets to use these assets in a way that would negatively affect the organization.
The research organization Gartner takes this a step further. They refer to an insider threat as:
A malicious, careless, or negligent threat to an organization from people such as employees, former employees, contractors, or business associates.
So, who is committing these insider threats?
A study by Verizon reports that “careless insiders” are at the top of the list, especially when it comes to IT-related insider threats. These are people who have access to an organization’s confidential data or property but ignore or forget the organization’s security rules.
The others are the following:
- Malicious insiders. These are employees of an organization who use their access to corporate data for personal gain.
- Insider agents. These are outsiders recruited by insiders to steal, tamper with, alter, or delete corporate data.
- Disgruntled employees. As we can surmise, these are people who are unhappy with their employer and are seeking revenge. Disgruntled employees often plan to leave an organization, but they may also have no intention of leaving. Their interest is to cause harm.
Earlier, we mentioned that most IT-related insider threats occur due to careless insiders. This reminds me of a cartoon I saw a while back, and it takes place in a boxing match. The MC is announcing:
“In this corner, we have firewalls, encryption devices, antivirus software, security systems, alarms, and cameras.”
And then, pointing to the other corner, “And in this corner, we have Human Error Dave.”
Guess who wins the fight.
Fortunately, there are ways to detect and even prevent insider attacks, spying, sabotage, property harm, and workplace violence. Ask us how.
As always, we value your feedback, which helps us shape our perspective on recent events, security, and the services we offer.
Chief Executive Officer