How to Mitigate an Accidental Insider Threat

By Gotham
Posted in Security
On September 20, 2021

This is a guest blog from Proofpoint, a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people.

Today’s organizations face a variety of challenges and security risks, ranging from ransomware to phishing campaigns. For this reason, many organizations invest significant time and resources to detect and prevent external threats. But one area that is often overlooked is the insider threat.

There are three primary types of insider threats:

  • Malicious: Employees or third parties who intentionally cause harm to an organization from the inside.
  • Compromised: Employees or third parties who fall victim to credential thieves, thereby granting unauthorized access to applications and systems.
  • Accidental: Employees or third parties who make mistakes that unintentionally cause incidents.

Though malicious insider threats often get the most attention, they make up only 14% of all insider threat incidents. Accidental insider threats, however, account for 62% of all incidents, costing organizations an average of $4.58 million per year, the most in total. Clearly, the greatest risk for any organization is also its greatest asset: its people.

Let’s look at the top three ways an accidental insider can pose risks to your organization.

Three Accidental Insider Threat Risks

As we’ve already described, an accidental insider is often an employee or third party who makes an unintentional mistake. Those mistakes, however small they may seem, can have far-reaching implications.

  1. Forgetting (or Not Understanding) Company Policies or Rules & Regulations

Every organization is required — sometimes by law — to meet various compliance mandates and regulatory requirements. And though many employees know that various rules and regulations exist, they aren’t aware of how they can impact their day-to-day activities, or the ramifications that could result if they’re not adhered to.

To mitigate this risk, make it a priority to hold regular trainings for employees to ensure they understand the rules and regulations that impact the organization’s security.

This also extends to third parties (vendors, contractors, partners and suppliers). They often have access to portions of an organization’s network, so they also need to be regularly reminded of the rules and regulations the organization must adhere to.

It’s also worth noting that although employees sometimes break policies without realizing it, at other times they break policy in an effort to simplify a task. This can often go undetected, increasing an organization’s risk. To mitigate this, consider implementing a solution that effectively monitors both user and data activity to proactively catch employees in the act.

  2. Personal Devices and Unapproved Applications

In today’s work-from-anywhere world, it’s increasingly likely that employees are using their own devices, not necessarily company-issued ones. This elevates the importance of device security education for employees, since unsecured devices are a common cause of accidental insider threats. Reminding employees of best practices around device security, from strong passwords to physical security (don’t share devices, for example), can help mitigate accidental insider threat incidents.

Additionally, when working on a personal device, it’s easy to forget what’s considered a work-approved application. For example, a well-intentioned employee could accidentally transfer sensitive data to a personal cloud storage account, unintentionally opening the organization up to significant risk.

For this reason, organizations should create — and frequently revisit — a list of approved services and applications employees are able to use. This should be complemented with information on how to properly secure those services and applications, and clarification around where certain data must be stored (and why). Emphasizing the why in every piece of employee education is likely to increase the chance of employees remembering it.

“Employee education goes a long way in mitigating accidental insider threat risk, but the reality is that even well-intentioned employees can make mistakes,” said Ryan Kalember, EVP, Cybersecurity Strategy, Proofpoint. “For this reason, organizations that have an insider threat management (ITM) program in place can more effectively — and more quickly — prevent the financial harm and brand damage that often results from the data loss associated with accidental insider threats. A modern solution that effectively monitors user and data activity simultaneously enables organizations to evolve with new requirements in this work-from-anywhere world without compromising data security.”

  3. Forgetting to Patch and Upgrade

Our work-from-anywhere world certainly has its perks, but it also comes with more distractions. In fact, many accidental insider threats stem from not paying enough attention, a big factor when employees make poor security decisions.

To that point, consider implementing an automated patching and upgrade distribution system. Most people aren’t great about keeping their devices patched or upgraded, so asking employees to be directly responsible for this is ineffective. Automation can be extremely effective in patching up vulnerabilities and flaws before they can be exploited.

It’s All About Employee Education

Building a culture of cybersecurity awareness can go a long way. As each of the three examples above illustrates, it comes down to this: The best way to mitigate insider threats is to increase — and maintain — regular employee education and communication. Sometimes it’s not enough to share a blanket statement about the latest updates to company policies; helping employees (and even third-party contractors) clearly connect the dots about what these policies mean for them in their day-to-day work can help mitigate the accidental insider threat risk.