When small business owners think about cybersecurity and building resilience against cyber threats, they usually consider protecting against hooded hackers, hastily working to get their hands on sensitive data, or in general, external threats. While protection against malicious attackers, ransomware, phishing, social engineering, DDoS and other cyber threats for SMBs should be addressed at the start, many threats can originate from within a business.
According to a report by Verizon, 30% involved internal actors, which can include your staff, partners and third-party vendors. And 2021 will see no slowing down of insider threats: Forrester predicts that the number of insider data breaches will increase by 8%.
Whether wilfully perpetrated or not, insider threats are real security risks that can grow into devastating attacks, made even more dangerous by the fact that the perpetrators usually already have access to all systems needed to execute an attack.
Recognizing that even the most trusted of employees can be the actual threat isn’t something most business owners want to address. But the facts stand: the average cost of insider data breaches is $13.3 million. Small businesses need to arm themselves with awareness and understanding of different types of insider threats and mitigation practices in order to stay protected on all fronts.
What are insider threats?
Insider threats are security risks that involve anyone connected with the inner workings of a business that already has authorized access and uses that privilege to misuse sensitive data and systems. Insider threats are cited as particularly dangerous due to the fact that they can go undetected for long periods of time, sometimes even years. And how can they go undetected for so long?
Since they involve someone who already has access to the breached data, businesses can struggle to determine whether that person is engaging with the data in a malicious way or in a benign way, as part of their job tasks.
Before we delve deeper into the different types of insider threats, it’s important to know what can motivate someone to breach the trust of their employer or partner and misuse the privileged access they possess. Just like with most cyber attacks and threats, financial gain stands as the top reason for insider threats.
Access to sensitive data such as customer information, payment information and intellectual property (patents, source code, etc.) can give attackers the ability to earn money by selling it on the black market or even holding it for ransom and demanding payment from the business for it.
Another reason, one our mind typically goes to when we think about insider threats, is a disgruntled former employee seeking revenge. And SMB owners are quite worried about this: according to a report by AppRiver, SMBs are more concerned about attacks from disgruntled ex-employees than from nation-states, competitors, rogue hacking groups or lone-wolf hackers.
Finally, insider threats aren’t always fueled by malicious intent. Unintentional actions and practices by staff or partners that have access to your sensitive data can lead to accidental data leaks.
While difficult to detect, there are some common indicators that can act as tell-tale signs that you might have an insider threat on your hands, or in your systems:
- Unusual requests for access coming from authorized staff that might be out of the scope of their privileges
- An increase in the number of staff gaining higher access to sensitive data and to parts of the system normally inaccessible to them
- Unusually increased bandwidth usage and downloading of large amounts of internal data
- Bringing in unauthorized physical storage media such as USB drives or CD burners that can be used to transmit downloaded data
- Unusual behaviours exhibited by individuals such as repeated breaks of security procedures, performing actions outside of the usual job scope, decline in work performance or even being overly enthusiastic about their job and the company, etc.
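To make the "unusually increased downloading" indicator concrete, the following added example (not part of the original article) compares each user's daily download volume against that same user's earlier history, so a staff member who always moves large files is not flagged while a sudden spike is. The log format, user names, figures and the `min_history` and `threshold` parameters are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample data: date, user, MB downloaded from internal file shares.
SAMPLE_LOG = """\
2021-03-01,alice,120
2021-03-02,alice,95
2021-03-03,alice,110
2021-03-04,alice,130
2021-03-05,alice,105
2021-03-06,alice,4800
2021-03-07,alice,115
2021-03-01,bob,5000
2021-03-02,bob,5200
2021-03-03,bob,4900
2021-03-04,bob,5100
2021-03-05,bob,5050
2021-03-06,bob,5150
2021-03-07,bob,5000
"""

def parse(log_text):
    """Group (day, megabytes) rows by user."""
    per_user = defaultdict(list)
    for line in log_text.strip().splitlines():
        day, user, mb = line.split(",")
        per_user[user].append((day, float(mb)))
    return per_user

def flag_unusual_downloads(log_text, min_history=5, threshold=6.0):
    """Return (user, day, mb) for days far above that user's own earlier baseline."""
    alerts = []
    for user, rows in parse(log_text).items():
        rows.sort()  # ISO dates sort chronologically as strings
        for i, (day, mb) in enumerate(rows):
            history = [v for _, v in rows[:i]]
            if len(history) < min_history:
                continue  # not enough data to call anything unusual
            median = statistics.median(history)
            # Median absolute deviation: a spread measure one spike cannot skew.
            mad = statistics.median([abs(v - median) for v in history]) or 1.0
            if (mb - median) / mad > threshold:
                alerts.append((user, day, mb))
    return alerts

if __name__ == "__main__":
    for user, day, mb in flag_unusual_downloads(SAMPLE_LOG):
        print(f"{day} {user}: {mb:.0f} MB is well above this user's normal volume")
```

An alert from a check like this is a prompt to ask whether the transfer matches the person's job tasks, not proof of wrongdoing.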
Types of insider threats
Now that we know what can motivate actors behind insider threats, we can more clearly identify the types of insider threats small businesses need to watch out for.
Approximately 88% of all data breaches are caused by employee mistakes. Human error is the driving force behind the majority of cybersecurity issues businesses experience and insider threats are no different. This type of insider threat involves someone who unintentionally leaks data, misuses systems or accidentally downloads malware to the company network.
Negligent employees might fail to follow security measures for convenience — downloading an app that can make their task easier, but they use one from an untrusted source that can download computer viruses or malware. They can also be simply unaware of proper security procedures and leave their device unattended, store their credentials on a sticky note or in their notebook app, in the open.
Not getting a raise they were hoping for, feeling betrayed by their manager, disregarded by their co-workers or getting wrongly fired: there are many things that can make an employee malcontent and want to act against their employer. Disgruntled employees as a type of insider threat differ from negligent ones in that they act in an intentionally malicious way.
Disgruntled employees might take sensitive information they have access to and expose it to the public or sell it to competitors in order to harm the business’s reputation, delete or modify sensitive data, or sabotage systems and operations.
Partners and third-party vendors
Standing somewhere between insiders and outsiders, third-party vendors and partners often have access to sensitive parts of your systems and data. As they are not employed by your business they might not be aware of your security procedures and standards and will surely be less vigilant about their behaviours. The more suppliers and vendors you have, the more opportunities there are for negligence and even for attackers leveraging them to get into your systems.
While disgruntled employees can act in a malicious way, they are different from malicious attackers. Malicious attackers are knowledgeable about cybersecurity and know how to use that knowledge to exploit security vulnerabilities in your systems, networks and apps, install malware, escalate their existing privileges to gain access to critical parts of your systems, etc.
Usually financially motivated, they misuse their access to data and are known to redirect funds to their personal accounts, steal data to sell to cybercriminals or competitors and are the most dangerous type of insider threats due to their intricate knowledge of your systems as well as security procedures and security practices which they use to their (malicious) advantage.
The least common type of insider threats, especially for small businesses, but equally as dangerous as the others, insider agents can act either from revenge, social causes or pure financial gain. Usually aligned with external forces such as cyber criminals or competitors, insider agents can also be hacktivists, fighting against your business for a social or political cause, believing they are doing the right thing by exposing business practices and sensitive data.
Ways to protect your SMB from insider threats
While it’s important to understand how devastating insider threats can be, not all is so grim. For every type of insider threat, there is a way to protect your small business, and thankfully, proper cyber hygiene and following basic cybersecurity best practices can go far in defending against the threats that lie within.
Limit access to sensitive data
For any type of insider threat, whether unintentional or malicious, limiting access to sensitive data is crucial. Make sure that each of your employees has access only to those parts of the system and data that are needed for them to perform their daily tasks and set strict policies around who can access critical areas and how.
Keep your OS and all software updated
In the case of malicious attackers that are well-versed in exploiting known vulnerabilities in your system, apps and software, keeping them regularly updated to the latest available versions is the best way to make their job that much harder. Have a clear schedule of updates to your operating systems, security tools such as anti-virus solutions, apps and software in use, etc. and make sure that all available patches for existing vulnerabilities are applied.
Have strict offboarding procedures
With disgruntled employees acting as insider threats, they might take advantage of lax procedures around offboarding. As soon as the termination of a former employee is complete, their access to your company’s network and their accounts needs to be revoked immediately and monitored for a set period of time after that employee’s departure.
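The offboarding check described above can be automated by comparing the HR termination list with the account directory and the authentication log. This is an added example, not part of the original article; the data layout, account names, timestamps and the 30-day `watch_days` window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (all names and timestamps are made up).
TERMINATIONS = {"jsmith": "2021-04-02T17:00:00", "mlee": "2021-04-09T12:00:00"}
ACCOUNT_ENABLED = {"jsmith": True, "mlee": False, "akhan": True}
AUTH_EVENTS = [  # (timestamp, user, service, result)
    ("2021-04-02T09:12:00", "jsmith", "vpn", "success"),
    ("2021-04-05T23:41:00", "jsmith", "file-share", "success"),
    ("2021-04-10T08:03:00", "mlee", "webmail", "failure"),
    ("2021-04-10T08:05:00", "akhan", "vpn", "success"),
]

def offboarding_findings(terminations, enabled, events, watch_days=30):
    """List offboarding gaps as (user, finding, detail) tuples.

    Reports accounts that are still enabled after the termination time and
    every login attempt, successful or not, made during the watch window
    that follows the departure.
    """
    findings = []
    for user, left_at in terminations.items():
        left = datetime.fromisoformat(left_at)
        watch_end = left + timedelta(days=watch_days)
        if enabled.get(user, False):
            findings.append((user, "ACCOUNT_STILL_ENABLED", left_at))
        for when, who, service, result in events:
            if who == user and left < datetime.fromisoformat(when) <= watch_end:
                findings.append((user, f"LOGIN_{result.upper()}", f"{service} at {when}"))
    return findings

if __name__ == "__main__":
    for user, finding, detail in offboarding_findings(
        TERMINATIONS, ACCOUNT_ENABLED, AUTH_EVENTS
    ):
        print(f"{user}: {finding} ({detail})")
```

A failed login on a disabled account is still worth reviewing, because it shows someone tried to use credentials that should no longer be in circulation.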
Nurture culture of cybersecurity awareness
We might sound like we are repeating ourselves by always citing the culture of cybersecurity awareness in your company, but it really is that important. Negligent employees leaking data or giving up their credentials to scam emails is that much more likely to happen if you do not nurture education and awareness amongst your staff. Have strictly defined rules and policies on how data, apps and devices should be used and what behaviour is not permitted, and talk to your staff about how their actions can negatively impact their workplace and how they can act in a way that can improve cyber resilience. You can go one step further and have dedicated training that tackles the topic of insider threats and how they can report suspicious activity.
Pay attention to your staff
For disgruntled employees, the best course of action is to not allow them to become unhappy and vengeful. Check in on your staff’s well-being, have quarterly meetings where feedback is both given and received, have mandatory yearly vacations, offer stress management courses and training and simply — care about them. Your people are at the heart of your business, and however hard it can be for you to think they would turn on you, you have to think about never letting it get to that point.
Work with IT security experts to mitigate insider threats
Small businesses often don’t have enough resources to address all of the cyber threats in the current landscape. Working closely with a trusted Managed Service Provider such as Altitude Integrations can help you follow through on all of these mitigation practices for insider threats. An MSP can help you design and implement security policies and procedures, train your staff, regularly test your defenses, keep up with your OS and software update schedule, and even help you have a backup and recovery plan in place for the worst-case scenario. Contact us to find out how Altitude Integrations can help you tackle insider threats and stay secure from dangers on all fronts of your systems.