News & Events

The computer emergency response team (CERT) defines ‘Insider Threats‘ as:

The potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.

Insider threats can come in many forms, including individuals, organization’s assets, people, information, and technology. It can be difficult to detect insider threats authorized to access your network. It can be intentional or unintentional.

• Intentional/ Malicious:

  • It can come from IT sabotage, fraud, or theft of intellectual property. According to a Biscom Survey, more than 1 in 4 respondents say they took data when leaving a company. Often it’s data they created, and they feel they own that work and take the information with them when they go.

• Unintentional/ Non-Malicious:

  • It can occur through phishing/ social engineering, accidental disclosure of data, improper disposal of data, or lost/ stolen portable data.

Threats can manifest anywhere so being prepared is critical. Detection and prevention should occur enterprise-wide, including HR, legal, and non-technical indicators. With automated behavioral tools, technical tools can help identify and mitigate insider threats, such as anomaly detection. It could also be as simple as observing behavioral-based anomaly detection (drug use, poor performance, absence, etc).

Your organization should have an insider risk/ threat program. Here are a few great resources available for creating a roadmap:

• The Intelligence and National Security Alliance (INSA), in partnership with DHS, FBI and ODNI, Insider Threat Program
• Cybersecurity & Infrastructure Security Agency (CISA) Insider Threat Mitigation 

There is an Open Source Insider Threat (OSIT) Information Sharing Group that CERT runs if you are interested in learning more. This enterprise-wide issue for organizations is essential to a comprehensive cybersecurity program. A survey conducted by Hitachi ID, found 65 percent of 100 IT and security executives said they or their employees had been approached to assist in aiding ransomware attacks. Preparing and watching for the signs of insider threats is crucial to cyber resiliency for companies.

Links you may find helpful:

• Insider Threat Center Website 
• Insider Threat Center Email
• National Insider Threat Blog Series

We are here to help. If you do not have these protections in place and need assistance preparing your organization against the growing amount of insider threats, please reach out to your broker now.

For more information, contact:

Lacy Rex
VP, Cyber Strategic Leader
Oswald Companies
Email

(Sources: insights.sei.cmu.edu, biscom.com, resources.sei.cmu.edu, cisa.gov, hitachi-id.com, insaonline.org, sei.cmu.edu)

Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Taylor Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.