Partner content: The role of cyber negligence in insider threats
And how to fix it
When IT leaders think about insider threats, scorned employees making off with intellectual property when they leave for a new job or workers stealing data for financial gain may spring to mind.
However, most incidents stem from carelessness rather than maliciousness.
According to research by Ponemon, 56% of insider attacks were caused by employee or contractor negligence or carelessness, costing on average $484,931 per incident. The research found that respondents are most concerned about credential theft, followed by malicious insiders and then negligent users, so may be underestimating the risk posed by human error.
New ways of working and new risks
Many employees who raise their organisation's insider threat risk may simply be trying to do their job. People rushing to finish a task or project who have access to sensitive data or IP can cut corners, or are unaware of the steps they should take to ensure their devices remain secure - meaning data is unwittingly stored in unsecure environments.
The rise of remote working has made mitigating the issue even more of a challenge. With employees increasingly moving away from their organisation's traditional security perimeters, accessing corporate networks using their personal devices, and moving from place to place, it is easier for data to fall into the wrong hands due to carelessness.
From leaving a device on public transport, to unwittingly clicking on a phishing email while distracted, or forgetting to install a vital update away from the watchful eyes of IT teams, this change in environment has introduced new vulnerable entry points and risks.
Not only does this risk apply to an organisation's own employees - it extends to contractors and employees in supply chains too.
Furthermore, the Great Resignation and ongoing tech skills shortage have meant that organisations may rush to replace talent, meaning onboarding and offboarding policies may not be properly followed. Carrying out these processes securely is important amidst a competitive job landscape, in which insiders may be more likely to try and take data to a new job.
In fact, recent research from Proofpoint found that of the 27% of UK survey respondents that changed job last year, 42% admitted to taking data with them.
Improving cyber awareness
While having the right tools in place creates a strong security foundation, if employees bypass security policies while carrying out their jobs or send data to unsecure environments, those tools are all but redundant. A people-centric approach to cyber security is therefore essential.
Promoting a culture of cyber vigilance requires regular training to assess employees' current level of security awareness, and identify areas for improvement. Regularly testing cyber literacy, without creating a blame culture, is also key to assessing the efficacy of a training programme and improving awareness levels.
For those that do not currently have a training programme in place, ensuring everyone in your organisation understands security protocols and the consequences of data loss, creating up-to-date Bring Your Own Device (BYOD) policies and establishing a means for employees to flag potential issues is a good place to start.
Technology and training in tandem
While important, training can go only so far, with even the most alert of employees capable of making mistakes while trying to do their job. The right technology is also needed to catch any security blunders that fall through the net.
Technologies such as data loss prevention (DLP), privileged access management (PAM), user and entity behaviour analytics (UEBA), and security information and event management (SIEM) can all help mitigate the risk posed by insider threats, both malicious and careless.
It is also important for organisations to implement a people-centric insider threat management (ITM) programme, suited to today's world of work. ITM makes it easier to see what information employees are accessing and how data is moving throughout an organisation, improving your ability to detect and respond to insider threats at speed and at scale.
As digital transformation and hybrid working continue to redefine organisations' security perimeters, a combination of both advanced technologies and a culture of cyber vigilance is needed to better identify and detect risky behaviour before data loss, downtime, or financial consequences can occur.
To find out more about the rise of insider threats, read the report
This post was funded by Proofpoint.