The term “insider threat” is commonly used within the cyber security and information security industries, referring to a risk posed by individuals within an organization who have access to sensitive information and who may intentionally or unintentionally compromise that information. These individuals can be direct employees or contractors, staff from service providers or business partners, or even customers. This type of threat can be particularly difficult to detect and prevent, as the individuals involved may have legitimate access to the information and may not be acting overtly maliciously.
Insider threats can be costly
The Ponemon Institute's "Global Report on Insider Threats" found that the cost of an insider threat to an organization can be significant. According to the report, the average cost of an insider threat incident for an organization is $8.76 million, with the cost of more severe incidents averaging $11.45 million. Additionally, it can take up to 18 months to fully resolve the threat, highlighting the importance of taking proactive measures to prevent and mitigate such incidents.
Some potential costs associated with addressing an insider threat who has stolen data may include:
- Legal fees: If the organization takes legal action against the insider or is faced with legal action because of the data breach, it may incur significant legal fees.
- Loss of business: A data breach can damage an organization's reputation and may result in losing customers or business partners. This can result in financial losses for the organization.
- Costs of remediation: The organization may need to invest in additional security measures or implement new policies and procedures to prevent future data breaches. This could include the cost of hiring additional personnel, upgrading technology, or providing employee training.
- Fines and penalties: Depending on the nature of the data breach and the laws and regulations applicable to the organization, it may face fines and penalties for failing to protect sensitive information adequately.
It is difficult to estimate the exact cost of addressing an insider threat for any specific organization, as each situation is unique. However, the cost can be significant and can have long-lasting consequences for the affected organization, as illustrated by the following examples:
A process technician employed at an auto manufacturer’s factory was accused of stealing company data and transferring it to third parties. According to news articles, the employee accessed confidential information and trade secrets and transferred them to outsiders, causing damage to the company's operations and potential financial harm. The former employee initially denied the allegations and filed a counterclaim against their former employer, claiming to be a whistleblower who was retaliated against for raising concerns about the company's wasteful practices. After admitting to the alleged activities, the dispute was settled with an agreement that he would pay several hundred thousand to the company in damages.
In another example, a former employee of a transportation company was accused of stealing trade secrets related to self-driving technology. The employee had been a key executive at the autonomous vehicle unit but was fired for not complying with an internal investigation. The investigation was brought about because of a lawsuit filed by this employee’s former employer against their current employer, alleging that they had taken confidential information from their previous employer and brought it to their new employer. The employee was later convicted in criminal court after years of legal battles, ordered to pay their former employer over a half million dollars, and sentenced to more than a year in prison.
A third example is in the midst of unfolding and highlights the risk that even senior executives can pose to an organization. The now-former COO (and previously CFO) at an international law firm has been accused of copying hundreds of very sensitive and confidential documents, detailing financials, software tools, employee compensation, firm strategies, and more. The lawsuit filing states that the employee deleted thousands of files to hide their tracks. It also accuses them of abusing their authority by asking an employee to disable technical controls that would otherwise prevent writing data to a USB drive and later had a consultant remove them from litigation holds, which then allowed for the deletion of thousands of emails.
Practical steps for preventing a breach
Insider threats to information security can have serious consequences for organizations, including financial losses, reputational damage, and legal action, often taking years to resolve. It is important for companies to have robust security measures in place to prevent and detect such threats, including strict access controls, ongoing employee training, and regular monitoring of employee activity. In addition, it is crucial for organizations to have clear policies in place regarding the handling of confidential information and to take swift action when such policies are violated.
Here are some preventative actions your organization can take:
1. Monitor employee activity: Identify insider threats by closely monitoring employee activity, including their access to sensitive information and their use of company resources. Tools such as log analysis software can track user actions and alert administrators to any unusual or suspicious activity.
2. Conduct regular security assessments: Regular security assessments can help identify weaknesses in an organization's information security systems and potential insider threats. These assessments should include a review of employee access to sensitive information, as well as an analysis of any potential vulnerabilities in systems and processes.
3. Establish clear policies and procedures: Clear policies and procedures regarding the handling of sensitive information and the proper use of company resources should be communicated to employees and regularly reinforced through training and reminders. Employees who are aware of the expectations and consequences for violating these policies may be less likely to pose an insider threat.
If your company is concerned about insider threats to your information security, the team at AlixPartners can help. Our team of experienced professionals has the knowledge and expertise to assess your organization's security systems and identify potential vulnerabilities. We can provide recommendations for improving your security posture and help you implement the necessary controls to protect against insider threats. In addition, our team can provide guidance on ongoing monitoring and support to ensure that your systems are continuously secure. Don't let insider threats put your organization at risk. Contact AlixPartners today to learn more about how we can help protect your organization.