Do you know your insider threat personas?


Most organizations focus on inbound emails when it comes to protecting against cyberattacks. But what happens when email security threats are introduced internally by your own employees?

While this scenario isn’t usually the first thing that comes to mind when thinking about threats, it plays a big role.

According to Mimecast’s 2018 State of Email Security Report:

  • 88% of organizations were exposed by the actions of careless users who had inappropriately shared sensitive data or violated company security policies.
  • 59% of organizations will suffer from an email-borne attack caused by malicious intent, human error or technical failure.

In other words, internal threats are a significant source of security compromises within your organization. Employees frequently become unwitting participants in cyberattacks, aiding the lateral movement of threats through the distribution of malicious URLs and attachments or the exposure of sensitive data.

These threats are spread via internal-to-internal or outbound email and can have negative consequences that affect your employees, customers and partners.

So, just how do these internal threats originate and what can you do to protect yourself from them? In this multi-part blog series, we’ll explore the different ways employees carelessly or maliciously jeopardize your organization and discuss best practices to consider when implementing an email security solution.

“Who’s Going to Notice…?”

Meet Kim. Kim wants to make a career move and has accepts a position at another company called Planticon. This new position will be a huge step up for her career. Her current company disables the USB ports on her laptop to prevent employees from creating personal data backups or stealing data. Kim knows her new role at Planticon will be very challenging and wants to give herself a leg up to help with the on-boarding ramp up.

She wants to take some sensitive information with her to help in her next role. She decided to email the information to herself as a file attachment and download it onto her personal home computer—who’s going to notice?

Long Term Consequences of Insider Threats

This scenario happens more often than we think. Many times, the employee doesn’t intend to maliciously steal the data, but rather, they want to keep it as reference material ‘just in case’ they need to refer to it in the future. Their intentions are not to do damage to their prior place of employment.

But in some cases, an employee has a more damaging effect. For example, they may want to take a list of client information, including contact details and other personal identifiable information (PII) with them when they leave a company. This way, they can try and recruit (i.e. steal away) the client once they settle into their new role at a competing organization.

Whatever the intentions are, sensitive or confidential information remains the property of the original company. The leaking of that information could have unanticipated effects. For example, in Kim’s case, she may think by keeping the confidential information on her home laptop and not sharing it with her new colleagues that she is not doing any harm to her old company. However, what if her home laptop is then compromised by malware and hackers gain access to this sensitive corporate information? Once that information has left the perimeters of an organization, it’s harder to ensure it stays safe and out of the hands of cybercriminals.

Your Internal Email Threat Action Plan

Traditional email security solutions focus on protecting inbound email from phishing attempts, malware, impersonatieaanvallen, malicious URLs and attachments and other sophisticated attacks. However, as you can see from this example, insider threats can, and often are, introduced internally through the actions of your employees.

Do you have systems in place to help mitigate these internal threats? How are you protecting your internal-to-internal and outbound email traffic?

In this scenario, applying preventie van datalekken policies to internal and outbound emails could help identify when sensitive information is being sent externally and stop the email from leaving the organization. It would be also helpful to have threat remediation services integrated into your current email security solution to enable your IT staff to automatically or manually remove emails from users’ inboxes that should not be sent or viewed.

Learn more about Mimecast Internal Email Protect and how it can help protect you from the actions of the Kims in your organization.


Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Internal Cyber Threats – How to Protect Against the Enemy Within

Get the truth about malicious insiders. …

Get the truth about malicious insiders. In general, organiz… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Jul 31, 2018

How Lack of Training is Hurting Your Cyber Resilience Strategy

Get the facts about the lack of training…

Get the facts about the lack of training around cybersecurit… Read More >

Bob Adams

by Bob Adams

Product Marketing Manager - Security

Posted Aug 15, 2018

No One Wants to Deal with Data Leaks…No One

With Cybersecurity Awareness Month here,…

With Cybersecurity Awareness Month here, we’re ready to help… Read More >

Michael Madon

by Michael Madon

SVP & GM of Mimecast Security Awareness

Posted Oct 02, 2018