Data breaches caused by insiders are on the rise—both in terms of frequency and their cost to the business. Yet many organizations continue to rely on blind trust of their employees and extended teams instead of making procedural or technical improvements to better detect and prevent insider threats. It’s time, experts say, for organizations to turn their information security focus inward. Here’s what businesses need to know about this often-underestimated threat.
60% of Data Breaches Are Caused By Insider Threats
Insider threats are reportedly the primary cause of 60 percent of data breaches. One recent study found that the number of insider security incidents has risen 47 percent since 2018 and that the cost of those incidents has risen 31 percent over the same period.
The same study puts the current average annual cost of insider incidents to an organization at $11.5 million.
An insider is typically defined as an individual with legitimate access to company assets who causes harm to the business, whether intentionally or unintentionally. The threat can come from current employees, former employees, contractors, or partners who have access (or previously had access) to an organization's systems or data.
The reasons insiders resort to criminal acts vary, but the usual ingredients are:
- Opportunity: the capability to act, granted by his or her level of access
- Rationalization: a justification for the behavior, as with a disgruntled employee who feels wronged
- Incentive: a financial reward or pressure
Even an employee who appears low risk at hiring may not stay that way. According to reports, online communities exist that recruit company insiders willing to sell access to an organization's network or data. An employee may be particularly susceptible if they work in a lower-wage region, are under financial stress, or have become dissatisfied with the organization.
Not All Insider Attacks Are Malicious in Nature
While the term “insider threat” is often used to describe an intentional act, in reality, there is a broad spectrum of potential insider incidents, ranging from the accidental click of a malicious link to outright theft of company data.
In the most innocent of scenarios, an employee may unintentionally put the company at risk by falling for a phishing campaign or by storing unencrypted data in a way that violates the company’s security policies. In the worst case, a malicious insider may purposefully harm the company by destroying or stealing data or sabotaging systems.
Some employees take data with them when they leave the company without understanding the consequences to themselves or to the business. An employee may believe they are entitled to the documents or projects they worked on, or feel that the data compensates for pay they believe they were owed.
The Risk Your Company Invites In: HR’s Role in Combating Malicious Insiders
IT security teams certainly play a crucial role in helping detect insider incidents through technical solutions, but experts say that it’s ultimately HR’s responsibility to manage the psychological and behavioral element unique to insider incidents.
HR needs to ensure that the company isn’t inviting risk into its ecosystem, either by hiring an employee or contractor with malicious intentions or by not recognizing a team member who has become a security risk during his or her employment.
Here are eight tips to help your company better detect and avoid insider threats.
- Evaluate security policies - Experts say that an organization’s security policy should include procedures to prevent and detect misuse of company resources, guidelines for conducting insider investigations, and the potential consequences to the individual.
- Screen new hires - In general, experts say that the more thoroughly an applicant's background is investigated before an offer is made, the better.
- Monitor for disgruntled or compromised employees - HR teams should pay attention to potential red flags, such as low morale or an official reprimand of an employee. HR and IT can then work together to apply the appropriate technical controls, such as user behavior analytics (UBA), which baseline each user's normal access to systems and data and flag deviations from that baseline, for example access to a resource the user has never touched, activity at unusual hours, or a sudden jump in the volume of data pulled.
- Institute regular cybersecurity awareness training - The Identity Management Institute states that employee education remains key to breach prevention, including cybersecurity awareness during onboarding and routine drills to practice attack and breach responses.
- Don't neglect physical security - Experts believe that restricting physical access to the company's critical infrastructure to the people who need it may be enough to prevent many insider incidents. For tips on better physical security of the workplace, see the post Physical Security Is an Essential Component of Cybersecurity.
- Examine past insider threat incidents - Consider leveraging past insider threat incidents to create a playbook of use cases and make process improvements, such as adding potential indicators for behaviors or actions that were missed.
- Secure off-boarding - Employees may have a proprietary attitude towards data they worked on during their employment even if they leave the company on good terms. HR plays a key role in reminding departing employees of the company's data security policies and in notifying IT and security teams when an employee is scheduled to depart, so that accounts, credentials, and physical access can be revoked on the last working day rather than discovered active weeks later.
- Balance employee privacy - According to one study, employers need to balance reducing insider threats against protecting employees' privacy. Its recommendations for a successful insider threat program are to communicate the program and the IT rules openly to employees, define the program's objectives clearly, inform employees of their own role in security, and avoid prioritizing security over productivity.
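The two technical points in the list above, user behavior analytics that flags unusual access (tip 3) and the HR-to-IT departure notification that should lead to access being cut off (tip 7), can be illustrated together with a small detector. The following is an added example written for this page, not code from the original article or from any product it mentions. The log format, the accounts, the resource names, the HR departure feed, the baseline date and the thresholds (a 22:00-06:00 off-hours window, a 10x volume factor) are all constructed assumptions; a real deployment would read these from the access logs and the HR system.

```python
from collections import defaultdict
from datetime import date, datetime

# Constructed sample access log (hypothetical format, not from any real product):
# "ISO timestamp  user  resource  bytes_out"
SAMPLE_LOG = """\
2024-03-01T09:05:00 alice hr-share 1200
2024-03-01T14:20:00 alice hr-share 900
2024-03-02T10:11:00 alice hr-share 1500
2024-03-02T11:40:00 bob repo-main 3000
2024-03-03T09:30:00 bob repo-main 2800
2024-03-03T16:02:00 alice hr-share 1100
2024-03-04T09:10:00 bob repo-main 3100
2024-03-05T09:15:00 bob repo-main 2900
2024-03-05T23:48:00 alice finance-db 60000
2024-03-06T10:05:00 carol repo-main 2500
"""

# Constructed HR off-boarding feed: account -> last working day (inclusive).
DEPARTED = {"carol": date(2024, 3, 4)}

# Events on or before this date form each user's baseline; later events are scored.
BASELINE_END = date(2024, 3, 4)


def parse_log(text):
    """Parse the whitespace-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, resource, nbytes = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "resource": resource, "bytes": int(nbytes)})
    return events


def build_baseline(events, baseline_end):
    """Per-user profile: resources touched, hours of day seen, mean bytes per event."""
    raw = defaultdict(lambda: {"resources": set(), "hours": set(), "bytes": []})
    for e in events:
        if e["ts"].date() <= baseline_end:
            p = raw[e["user"]]
            p["resources"].add(e["resource"])
            p["hours"].add(e["ts"].hour)
            p["bytes"].append(e["bytes"])
    return {u: {"resources": p["resources"], "hours": p["hours"],
                "mean_bytes": sum(p["bytes"]) / len(p["bytes"])}
            for u, p in raw.items()}


def detect(events, profile, departed, baseline_end, volume_factor=10):
    """Return (user, timestamp, reason) findings for post-baseline events."""
    findings = []
    for e in events:
        user, ts = e["user"], e["ts"]
        # Off-boarding check: any activity after HR's reported last day is a finding
        # regardless of what it looks like; the account should already be disabled.
        if user in departed and ts.date() > departed[user]:
            findings.append((user, ts.isoformat(), "activity after reported departure date"))
            continue
        if ts.date() <= baseline_end:
            continue
        p = profile.get(user)
        if p is None:
            findings.append((user, ts.isoformat(), "no baseline for user"))
            continue
        if e["resource"] not in p["resources"]:
            findings.append((user, ts.isoformat(), f"first access to {e['resource']}"))
        # Off-hours window is 22:00-06:00; flag only if the baseline never shows that hour.
        if (ts.hour >= 22 or ts.hour < 6) and ts.hour not in p["hours"]:
            findings.append((user, ts.isoformat(), f"off-hours access at {ts.hour:02d}:00"))
        if e["bytes"] > volume_factor * p["mean_bytes"]:
            findings.append((user, ts.isoformat(),
                             f"{e['bytes']} bytes out exceeds {volume_factor}x baseline mean"))
    return findings


def run(log_text=SAMPLE_LOG, departed=DEPARTED, baseline_end=BASELINE_END):
    events = parse_log(log_text)
    profile = build_baseline(events, baseline_end)
    return detect(events, profile, departed, baseline_end)


if __name__ == "__main__":
    for user, ts, reason in run():
        print(f"{ts} {user}: {reason}")
```

On the constructed data, bob's activity matches his baseline and produces nothing, alice's late-night 60 KB pull from a database she has never used trips all three behavioral checks at once, and carol's login two days after her reported last day is reported as an off-boarding failure without any behavioral analysis, because an account HR has flagged as departed should not be producing events at all. A real UBA deployment replaces these toy thresholds with per-user statistics over weeks of history, but the structure, a baseline per identity, deviation rules, and an HR feed joined to the access data, is the same.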
Additional Resources
- The Identity Management Institute provides a web page on Insider Threats to System and Data Security.
- The Federal Trade Commission provides more information on creating a response plan in its guide, Data Breach Response: A Guide for Business.
- The FBI offers an online brochure entitled The Insider Threat.