The Definition of Insider Threat
While traditional security solutions are focusing on protecting against external threats, the transformation of organizations’ business logic to the cloud increases dramatically a new attack vector - The Insider Threat.
An insider threat is a security risk that can involve:
- Malicious insiders - employees or partners who have access to sensitive data and utilize it to achieve personal or financial profit.
- Disgruntled former employees - emotional attackers who want to damage their organization to revenge.
- Careless insider - an innocent pawn who unknowingly exposes the system to outside threats. This is the most common type of insider threat, resulting from mistakes, such as leaving a device exposed or falling victim to a scam
- Third Parties - vendor or applications who misuse their access to the organization data as a result of a security breach or malicious intentions
In general, an insider threat is a security issue that involved an object from the organization and not from outside.
Insider Threat Statistics
Insider threats are a growing problem, as evidenced by a recent Ponemon study “2020 Cost of Insider Threats: Global Report”:
- 60% of organizations had more than 30 insider-related incidents per year
- 62% of the insider-related incidents were attributed to negligence
- 23% of the insider-related incidents were attributed to criminal insiders
- 14% of the insider-related incidents were attributed to user credential theft
The Cost of an Insider Threat
Today cloud-oriented insider threats are one of the most common reasons for data breaches worldwide, and they can often lead to the most expensive data breaches. Research conducted by the Ponemon Institute suggests that an insider threat originating from a negligent employee costs, on average, $283,281 per incident. If the incident involves an insider intentionally stealing data, that cost rises to $648,845.
Realworld Insider Threat Examples
Here are recent examples of insider threats that damaged the largest companies:
Saasment Detects Potential Insider Threats and Risks in Cloud Apps
We allow organizations to take cyber attackers’ perspective and stress-test its security stance to validate the cloud security posture effectiveness.
We help organizations automate the security validation process from three different aspects:
- Prevent Cloud Breaches - Get visibility into how your SaaS application data is being exposed, who can access the data, and from where.
- Simulate Insider Threats - Harness advanced Breach and Attack Simulation to proactive simulate actions and detect how your security controls react.
- Demonstrate Compliance - Easily auditing the organization SaaS environments and the security controls against ISO, SOX and CIS Benchmarking.