Insider threats – what they are and how to defend against them

Full disclosure: this is a paid vendor article

Many organisations see external breaches as the biggest threat to their data security and spend millions building walls to guard themselves against hackers. It may come as a surprise to many that insider security threats – both intentional and accidental insider abuse and misuse – were seen to be by far the biggest cause of data leakage in 2015. With this in mind, it is imperative that you take steps to ensure you understand what your employees are doing with sensitive data.

The repercussions of insider threats can be enormous, and the threats themselves often go unnoticed. An insider may already have the keys to the door, so won’t trigger any security measures, and may already know where sensitive data is stored. Many cases of insider data breaches have been accidental, but the outcome is still the same – potentially large chunks of company profits spent on damages.

How to identify insider threats

In general, there are three types of insider that could be a threat to your organisation:

Malicious Insiders

A malicious insider could be a current or former employee, a contractor or any other business partner who is authorised to access your organisation’s data. The motives for their attacks could range from revenge against a company they feel has mistreated them to simple personal profit. In theory, everyone with access to your data could exploit it for personal gain.

People who make mistakes unintentionally

A large proportion of data leakages occur due to honest mistakes on the part of insiders. They may have been caught in phishing scams, given out their password when they shouldn’t have, or left their account logged on across multiple machines. These threats are easier to detect and can be prevented by taking the right measures.

Outsiders posing as insiders

These are external attacks using an authorised user account with real credentials. External hackers can gain access through inactive accounts or by guessing passwords. Whichever way they gain access, they use genuine account details so do not show up as external threats.

Regardless of whether an insider leaks data intentionally or accidentally, you still need to make sure you are taking preventative measures to mitigate the risk. Dealing with insider threats is an ongoing, pro-active process that requires time and dedication.

How you can mitigate the risks of insider abuse

Know where your sensitive data is

It’s very important to know which areas of your IT infrastructure are the most likely to be of value to potential insider threats. It is also important to understand who has access to this data and how regularly it is accessed. Knowing these things will enable you to better detect when something out of the ordinary occurs in files and folders with sensitive data.

Evaluate your security strategy

Security breaches should be treated in the same way as a fire – there should be regular evaluations of safety regulations and ideally testing should take place to assess your current reaction to breaches. This kind of testing should enable you to spot anything you have overlooked or any loophole that currently exists.

There are some basic security practices you can adopt that will help firm up security, including patch-management procedures, IDPS configuration, password and authentication policies, firewalls and log review procedures.

Be sure to also look at how up to date your current security measures are. Threats evolve very quickly, and new versions of critical IT systems are released fairly regularly, so it’s important that you stay up to date.

A regular and pro-active approach to auditing and monitoring critical IT systems needs to be established. This will enable you to track activity in files and folders to ensure only the right people are accessing the right data. Being constantly aware of this will help you mitigate the damage should a data breach occur.

Maintain a least privilege policy

Employees often move departments, get promoted or are tasked with something that requires extra levels of permission. In all these cases new permissions may need to be granted and old permissions may need to be revoked. Maintaining a least privilege policy by monitoring these changes can ensure that only the right people have the right levels of access to the right data. Accounts with inappropriate levels of access are more likely to be damaging to your organisation.

Make insider threats a priority

Often the main issue is that certain people within the organisation won’t admit there’s a problem. Unfortunately, with insider threats, it’s only a matter of time before you experience the problem for yourself. Keep insider threats at the forefront of your mind when developing new security plans, assigning new permissions or managing employees.

Monitor your users

If you are able to make use of behavioural analytics tools, like User Behavioural Analytics or Network Analytics, then make sure you take advantage of them. These tools establish a baseline for what normal is and then highlight any behaviour deemed abnormal. They can also simplify the process of identifying users with high-risk identity profiles.
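The baseline idea described here and under "Know where your sensitive data is" can be sketched in a few lines. This is an added example, not code from the article or from any analytics product: the event format, folder names, accounts and thresholds (k, min_std) are all assumptions, and the events are constructed. It flags an account's first access to a sensitive folder, a daily volume far above that account's norm, and activity from an account with no baseline at all.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit events: (day, user, folder). Not real log data.
SENSITIVE = {"/finance/payroll", "/hr/contracts"}
BASELINE = (
    [(d, "alice", "/finance/payroll") for d in range(1, 11) for _ in range(4 + d % 2)]
    + [(d, "bob", "/eng/builds") for d in range(1, 11) for _ in range(6)]
)
TODAY = (
    [(11, "alice", "/finance/payroll")] * 5      # normal day for alice
    + [(11, "bob", "/eng/builds")] * 6
    + [(11, "bob", "/hr/contracts")] * 40        # new sensitive folder, high volume
)

def build_baseline(events):
    """Per user: folders seen, and mean/std-dev of events per day."""
    per_day = defaultdict(lambda: defaultdict(int))
    folders = defaultdict(set)
    for day, user, folder in events:
        per_day[user][day] += 1
        folders[user].add(folder)
    return {
        u: {"folders": folders[u],
            "mean": mean(list(days.values())),
            "std": pstdev(list(days.values()))}
        for u, days in per_day.items()
    }

def find_anomalies(baseline, events, k=3.0, min_std=1.0):
    """Return sorted (user, reason) pairs for one day's events."""
    counts, seen = defaultdict(int), defaultdict(set)
    for _, user, folder in events:
        counts[user] += 1
        seen[user].add(folder)
    alerts = set()
    for user, n in counts.items():
        prof = baseline.get(user)
        if prof is None:  # e.g. a dormant account that suddenly becomes active
            alerts.add((user, "no baseline for this account"))
            continue
        for folder in (seen[user] & SENSITIVE) - prof["folders"]:
            alerts.add((user, f"first access to sensitive folder {folder}"))
        # min_std keeps a perfectly regular user from alerting on tiny changes
        limit = prof["mean"] + k * max(prof["std"], min_std)
        if n > limit:
            alerts.add((user, f"volume {n} exceeds limit {limit:.1f}"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, reason in find_anomalies(build_baseline(BASELINE), TODAY):
        print(user, "-", reason)
```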


Insider threats should be the number one cause for concern for any organisation when it comes to protecting its sensitive data. Organisations that store personal information about their employees, clients, partners or customers have a duty to protect that information. A simple way of ensuring that you are able to pro-actively audit and monitor your critical IT systems is to deploy an automated solution like LepideAuditor Suite. This solution can clearly show who accesses what information as well as when and from where it was accessed. It actively audits, monitors and alerts on changes made to critical IT systems, tracks current permissions and permission changes and monitors all aspects of file/folder activity – all from a centralised console. Be sure to consider using an automated solution, like LepideAuditor Suite, when you address insider security threats in your organisation.