What is an insider threat?
An insider threat is an employee (current or former), contractor, or other individual that has access to an organization's proprietary information and exploits that knowledge for personal or monetary gain.
Insider threat types and examples
Common types of insider threats
1. Negligent users - Employees who unintentionally commit data breaches by leaving sensitive data unsecured. This type of breach can occur if an employee leaves a work device unlocked or in an area where it can be stolen. Negligence can also come in the form of employees who bypass security protocols they feel are unnecessary or bothersome.
2. Departing or disgruntled employees - Employees that voluntarily or involuntarily depart a company and exploit company data for personal or monetary gain. An example of this would be a disgruntled employee that sells confidential and proprietary information about their organization to a competitor.
3. Espionage - Inside agents that operate on behalf of an external group to carry out a data breach or other attack. These threats can be as innocent as an employee that is duped by social engineering or as insidious as being blackmailed or bribed to divulge information.
4. Third-party threats - Outside parties with access to an organization's networks and information. These insider threats can occur in the form of a contractor using company access credentials to obtain and share sensitive information or intellectual property for several reasons.
The challenge of stopping insider threat
While organizations have long been focused on stopping hackers outside the organization from breaching security defenses, most have little protection against an insider threat.
There are at least three types of insider threat profiles. With a Malicious Insider Threat, an employee inside the organization purposely seeks to steal data, leak information or otherwise damage the organization. A Careless Insider Threat occurs when employees don't understand security policies or follow security rules, putting the organization at risk for malware infections and data leaks. And the Compromised Insider Threat involves an employee whose email account has been taken over by hacker through credential harvesting, social engineering, phishing emails or malware in order to steal information or make fraudulent financial transactions.
Almost every insider threat involves email. Email messages are frequently the source of attacks – messages that contain malicious email attachments and URLs are a common technique for launching advanced persistent threats and other attacks. And email is often involved in data leaks, whether malicious or inadvertent. To defend against an insider threat, organizations need insider threat detection for internal email that can quickly identify and remediate an attack or data leak. That's where Mimecast can help.
How to detect insider threat attacks
A company can use both human and technological insight to detect insider threats. As an organization’s personnel typically have direct contact with their peers, they’re likely to be the first to detect suspicious behavior. To enhance insider threat detection, organizations can also employ software solutions that monitor user activity, access management, and behavior analytics.
Prevent an insider threat with Mimecast
Mimecast provides cloud-based services for email security, continuity and archiving, managed from a single pane of glass, that help reduce the cost and complexity of advanced threat protection.
To detect and prevent an insider threat, Mimecast offers Internal Email Protect, a threat monitoring and remediation service for internally generated email. As part of Mimecast's email security offering, this insider threat program lets you monitor, detect and mitigate email-borne security threats that originate from within your organization.
Internal Email Protect scans all email along with attachments and URLs to identify malware and malicious links. Mimecast can also detect an insider threat with content filtering to enforce data leak prevention services.
Mimecast capabilities for stopping an insider threat
With Mimecast, you can:
- Examine all email coming into, going out of and staying within the organization.
- Detect lateral attacks via email from one internal user to another.
- Identify and stop threats or sensitive data leaving the organization.
- Automatically remove internal email containing threats.
- Reduce the risk of a breach spreading throughout the organization.
- Manage insider threat protection from a single console for reporting, configuration management.
Learn more about defending against an insider threat with Mimecast, and how to backup emails from Outlook with Mimecast archiving tools.
Insider threat FAQs
What are common indicators of insider threats?
Some common indicators of insider threats are:
1. Suspicious logins
2. Use of unauthorized applications
3. Increased data downloads
4. Erratic or unusual employee behavior
5. An administrator granting unauthorized users access to files
What are some best practices to prevent insider attacks?
To prevent insider attacks before they occur, organizations can:
1. Use access management software to give users access to information that only pertains to their role and job functions.
2. Carefully screen new hires. This includes background and drug screenings and checking references.
3. Hold yearly Security Awareness Training.
4. Monitor employee behavior and internet usage with analytics and monitoring software.
Who is most vulnerable to an insider threat attack?
Any organization of any size can fall victim to insider threat attacks. However, organizations that regularly handle highly confidential and sensitive information are more susceptible as the data they hold can be extremely valuable. Some organizations that may be at heightened risk are:
- Healthcare institutions
- Government agencies
- Financial institutions
- Software companies
