10 Shocking Facts About Insider Risk Of A Company

Security is a team sport. But how can an organization be sure that everyone is committed to victory – or even playing for the same team? The actions that employees take every day have an enormous impact on the security of a company’s IT environment. Employee mistakes like mishandling data or getting conned by a phishing email can accidentally open your business up to trouble like ransomware, account takeover, business email compromise, and other cyberattacks.

But problematic employee actions aren’t always accidental. Sometimes they’re deliberate acts of sabotage. Malicious insiders could be hiding inside an organization, ready to sell their credentials or company data for the right price – and in tough economic times, some employees will be unable to resist the lure of making easy money on the dark web. Learning to detect and mitigate insider risks is essential for security success. Whether they intend to harm an organization or not, choices that employees make can be the difference between a company thankfully avoiding a cyberattack or reeling from a cybersecurity disaster.

How Much of a Problem is Insider Risk for a Business?

No business is immune from the danger of insider risk, even just due to human error. Every business that handles data or operates digital systems is at risk of an insider incident that impacts their security, and that risk is growing.

• Insider risk is up by more than 40% in 2021
• More than 60% of cyberattacks are attributed to insiders
• An estimated 55% of organizations say privileged users are their greatest insider threat risk
• More than 2 out of 3 insider threat incidents are caused by negligence
• Negligent employees create over 60% of security incidents
• More than 80% of data breaches involve a human element
• About 60% of organizations say insider incidents have become more frequent in 2021
• Businesses in the US encounter about 2,500 internal security breaches daily
• Over 65% of accidental insider threats come from phishing attacks
• The average global cost of insider threat has increased by over 30%

How Do Employee Actions Generate Risk? 

As long as human beings are doing the work at a company, they’ll make missteps. While some accidental insider risk can be chalked up to the cost of doing business, other factors can be controlled – and smart businesses are making that a priority.

How to Spot a Non-Malicious Insider Threat 

These employee behaviors make it more likely that you’ll have an accidental insider threat turn into a damaging cybersecurity incident.

• Sharing passwords, especially privileged passwords
• Reusing, recycling, never changing, or writing down passwords
• Careless data handling like frequently sending sensitive data to the wrong recipient
• Fear of asking for help or clarification around possible threats like phishing
• Threats of termination if an employee makes a mistake
• Lack of support in enforcing security protocols
• Ignorance of common threats due to lack of security awareness
• Too little training in proper security protocols
• Time pressures that up the chance for a mistake
• No security culture within an organization

Source: ID Agent.