What is Insider Risk?

When an employee is responsible for a security breach or a data leak, it is called an insider threat or insider risk because it comes from within the workplace. The reasons behind the individual’s actions could be accidental or due to negligence, but in some unfortunate instances it is malicious. Therefore it is important to talk about both malicious insider risk (intentional insiders) as well as negligent insider risk (unintentional insiders). To make matters even more complex we can also be dealing with third-party threats. These can be contractors or vendors who are not formal members of the organization, but who have been granted some level of access to complete their work.

From 2018 to 2020 we saw a 47% increase in incidents involving insider risk. For the past two years this threat has risen to 44%. The associated cost per incident has increased by more than 30%.

What is insider risk? Snapshot from AwareGO's Insider Risk Awareness video about malicious insiders and the importance of reporting suspicious behavior at the office. Photo is a collage of female supervisor talking to an unhappy employee. Coworkers witnessing the scene. Employee copying data onto a USB drive and subsequent news coverage about leaked data.

To help raise awareness during Insider Risk Awareness Month 2022, AwareGO publicly released three of our security awareness training videos. The videos touch directly on insider risk and are available for free on our YouTube channel. But how can organizations fight insider risk from within?

How to minimize insider risk?

Unlike hackers, who must penetrate multiple security measures to get access, insiders already have legitimate access. They use the organization’s computer systems, networks and confidential files and information to perform their daily jobs. Therefore, all employees and administrators must pay attention and be aware that someone within the workplace, even themselves, could be an insider risk.

Negligent insider risk is minimized with a strong security culture within the workplace. This can be done through regular cybersecurity training and risk assessments. This will help educate unaware employees and help them realize the cybersecurity risks involved in their day to day work. 

Snapshot from AwareGO video about accidental insider risk when working from home. A working from home computer can pose a risk if left unattended. Photo shows multiple faces at an online meeting and an email notification about an important meeting popping up.
Who could overhear you or your co-workers during an online meeting?

When it comes to malicious insiders we have a bigger problem. These actors willingly steal or leak data from their workplace covertly and can be hard to spot. They are aware of what they are doing. They know it will harm their workplace. Therefore training will do little to stop them. Careful monitoring of employee access within the organization can help spot these insiders. However, having a strong security culture will also help. Good training and well defined policies will help make other employees aware of the risk. It will also empower them to report if they notice a colleague taking or copying data or downloading illegal software.

Negligent insider risk

Negligent insiders or accidental insiders account for over 60% of insider incidents. When it comes to accidental/negligent insider risk, cybersecurity training can truly help. We recommend using short security training videos and awareness posters or messages to teach about the risks of being unaware and negligent with confidential information, passwords, access passes and downloads. This helps employees be better aware and showcases the correct behavior to minimize the risk. It can also help to do a regular human risk assessment within the organization. That way you can gauge people’s knowledge and behavior in risky situations and mitigate the risk by applying relevant training in the right areas.

Snapshot from AwareGO cybersecurity awareness training video about insider risk when working from home. A woman is working with sensitive data at her dining room table.
When working from home we need to be careful with confidential and sensitive data on our computers and printouts.

Insider risk usually refers to employees within the workplace. Another type of accidental or negligent insider threat is when employees fail to safeguard sensitive information or their work equipment while their friends, relatives or even pets are around. This type of insider risk is greater when employees are working with confidential documents from home. Malicious intent is not needed for a friend or a relative to become an insider risk. They can simply learn something of value from listening to the employee, or by looking at a computer screen or printouts while visiting. They might be unaware that the information is confidential or that they are putting your workplace at risk.

AwareGO has released two security awareness training videos that directly touch on accidental and negligent insider risk. To do our part during Insider Risk Awareness Month 2022 we posted them on our YouTube channel for free!

Malicious insider risk

Malicious insiders or intentional insiders can be, for example, unhappy employees, former employees, or corporate spies within an organization. These are the hardest to deal with. We cannot raise their awareness because they are intentionally stealing or sharing private information. They could also be uploading spyware or malware into the system. There are technical solutions to combat the malicious insider. This could be software that watches who opens which files and how often, who is giving themselves or asking for added security clearances, or who is accessing data that has no bearing on their job. Such software can be a good indicator to spot malicious insiders but it can also give you false positives.
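The kind of monitoring described above can be sketched over audit events, as an added example that is not AwareGO's code or any product's logic. The role-to-data map, the thresholds and the events are constructed for illustration, and comparing each user's file opens to the peer median is an assumed baseline.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed mapping (assumption): data categories each role needs for its job.
ROLE_SCOPE = {"finance": {"finance"}, "engineering": {"source"}, "hr": {"hr"}}

# Constructed audit events: (user, role, action, data category).
EVENTS = (
    [("alice", "finance", "open", "finance")] * 12
    + [("bob", "engineering", "open", "source")] * 10
    + [("carol", "hr", "open", "hr")] * 9
    + [("dave", "engineering", "open", "source")] * 11
    + [("dave", "engineering", "open", "finance")] * 40
    + [("dave", "engineering", "request_access", "hr")] * 3
    + [("erin", "finance", "open", "finance")] * 45  # in-role but busy, e.g. quarter-end
)

def score_users(events, volume_factor=3.0, max_requests=2):
    """Return {user: [indicator, ...]} for the three signals named in the text."""
    opens, out_of_scope, requests = Counter(), Counter(), Counter()
    for user, role, action, category in events:
        if action == "open":
            opens[user] += 1
            # Data with no bearing on the user's job.
            if category not in ROLE_SCOPE.get(role, set()):
                out_of_scope[user] += 1
        elif action == "request_access":
            requests[user] += 1
    typical = median(opens.values())  # peer baseline for "how often"
    findings = defaultdict(list)
    for user in sorted(opens.keys() | requests.keys()):
        if opens[user] > volume_factor * typical:
            findings[user].append("high_volume")
        if out_of_scope[user]:
            findings[user].append("out_of_role_access")
        if requests[user] > max_requests:
            findings[user].append("repeated_access_requests")
    return dict(findings)

def triage(findings):
    """A single indicator is only a lead; several together justify escalation."""
    return {u: "escalate" if len(r) >= 2 else "review" for u, r in findings.items()}

if __name__ == "__main__":
    for user, reasons in score_users(EVENTS).items():
        print(user, reasons)
```

In this constructed data, erin trips the volume indicator while staying inside her role, which is the false-positive case the paragraph warns about; returning the reasons alongside the flag lets a reviewer tell her apart from dave.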

Snapshot from AwareGO's cybersecurity awareness video about malicious insider threat. A computer screen shows that financial data is being copied.

Because training and security culture do not work on malicious insiders, we try to appeal to their colleagues’ best judgment: the “see something, say something” element. Reporting security incidents is a big part of the strong security culture that we are helping companies build. One of our latest security awareness videos touches on this exact subject. It is now available on our YouTube channel as part of our efforts for Insider Risk Awareness Month.

How to spot malicious insiders

One indicator of insider risk we might notice is a user who is gathering valuable data without authorization: someone who is downloading and copying from data storage, or taking sensitive information home. Such users are also more likely to work outside regular working hours, use unauthorized equipment such as cameras and USB drives, ask other employees for their credentials, and access data that has little relation to their present role.

Other signs of malicious insiders to look out for are:

  • Disgruntlement – Dissatisfied employees and employees who have frequent conflicts with co-workers or supervisors are more likely to conduct an insider attack. Other signs of dissatisfaction could be steadily declining performance, an increase in mistakes, general tardiness, and missing deadlines.
  • Unusual enthusiasm – This could include staying late without being asked, keeping odd working hours, and trying to perform outside the scope of normal duties. It could also include requesting access to data that they don’t need or should not have access to. This might be an attempt to gain access to sensitive data by a corporate spy.
  • Unexplained changes in financial circumstances – Big purchases or suddenly being able to pay off debts without having any obvious additional income sources could be an indicator that someone is profiting from selling sensitive information. Sometimes, cyber criminals approach employees and offer to pay them large sums for installing malware at their workplace.
  • Unusually frequent trips and vacations – This could be a sign of changes in financial circumstances. It could also be a sign that an employee is working for a competing company and is transferring sensitive data to them. 
Snapshot from AwareGO's cybersecurity awareness training video about insider risk. A female supervisor is having a serious talk with a male employee.
Employees who have frequent conflicts with co-workers or supervisors could pose an insider risk.

If you witness some of these indicators or warning signs from a co-worker, or former co-worker, you should report it immediately.

Is insider risk elimination possible?

There may always be malicious insiders lurking about, but we believe that negligent insider risk can be eliminated with good training and a strong security culture. Cybersecurity training minimizes common mistakes and keeps cybersecurity at the top of people’s minds. Getting people involved and serious about cybersecurity can be difficult. By offering short and fun security awareness training videos you can keep their attention and increase your cybersecurity considerably.

AwareGO Human risk assessment at work. Showing individual score over people's heads. People walking around at the office

If you’re having difficulty selecting the correct cybersecurity training content we might have just what you need. Take a look at our free cybersecurity training videos on YouTube and show them to your colleagues. If you believe your colleagues would benefit from this type of training, contact AwareGO and we will help you set it up.