Cybersecurity: Understanding the Inside Threat

Colin McMahon
Jan 7, 2019

When stories of cyberattacks reach the media, the culprit is often an outside source. Whether it is a foreign government or malicious hacker, organizations are conditioned to seek external threats to data security. This approach, however, misses a common cause of cyberattacks and data breaches—a company’s own employees.

Research has shown that more than half of all businesses are either at risk or have been attacked from the inside. To move forward with a fully developed data protection strategy, PSPs must be cognizant of inside attacks and minimize their risk.

The Importance of Employee Awareness and Training

Although a term like “insider attacks” may call to mind industrial espionage and ill-tempered employees, this is not always the case. While intentional and maliciously motivated cyberattacks can and do occur from within, a large percentage stem from accidental behaviors. In many cases, the offending employee is unaware of the damage that he or she is causing.

As a result, the majority of accidental data breaches and cybercrimes from inside employees can be averted with better training. Workers who are taught to detect the signs of a cyberattack are more likely to respond appropriately (e.g., by identifying a spear phishing e-mail, notifying a supervisor about the suspected presence of malware, or simply understanding the importance of backing up valuable data).

A successful training program that is updated to reflect the continued evolution of cybersecurity can help employees avoid accidental data breaches, and also help them to identify suspicious behaviors from coworkers.

Figure 1: Breakdown of Data Breach Offenders


Source: Security Intelligence

How to Limit Insider Attacks

Although employee training should be the first step toward protecting data, organizations can do more to ensure that they are maintaining solid cybersecurity practices. One common technique is to invoke the principle of least privilege (PoLP). In information security, this refers to restricting network access to only those individuals who need it. It also creates a separate set of privileges that are only available to network administrators. For example, a regular employee would have access to the entire network, but he or she should not be able to delete folders or restrict others’ access rights. This prevents the average employee from being able to damage the network.
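As an added illustration (not part of the original article), the following sketch audits a permission model against the rule above: it resolves each user's effective rights through nested groups and flags non-administrators who hold the delete or access-control rights the paragraph reserves for administrators. All user, group and right names are constructed for the example.

```python
# Added example with constructed data; every name below is hypothetical.
ADMIN_ONLY = {"delete_folder", "change_acl"}  # rights reserved for administrators
ADMIN_GROUPS = {"net-admins"}

GROUP_RIGHTS = {  # rights granted directly to each group
    "staff": {"read", "write"},
    "project-leads": {"delete_folder"},  # over-broad grant
    "contractors": {"read"},
    "net-admins": {"delete_folder", "change_acl"},
}
GROUP_PARENTS = {  # nested membership: group -> groups it inherits from
    "project-leads": {"staff"},
    "contractors": {"project-leads"},  # inherits the over-broad grant
    "net-admins": {"staff"},
}
USER_GROUPS = {
    "alice": {"staff"},
    "bob": {"project-leads"},
    "carol": {"net-admins"},
    "dave": {"contractors"},
}

def expand_groups(groups):
    """Return the groups plus every ancestor group, tolerating cycles."""
    seen, stack = set(), list(groups)
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(GROUP_PARENTS.get(group, ()))
    return seen

def effective_rights(user):
    """Union of rights from all direct and inherited groups."""
    rights = set()
    for group in expand_groups(USER_GROUPS.get(user, ())):
        rights |= GROUP_RIGHTS.get(group, set())
    return rights

def audit():
    """Map each non-admin user to the admin-only rights they hold."""
    findings = {}
    for user, groups in USER_GROUPS.items():
        if expand_groups(groups) & ADMIN_GROUPS:
            continue  # administrators are expected to hold these rights
        excess = effective_rights(user) & ADMIN_ONLY
        if excess:
            findings[user] = sorted(excess)
    return findings

if __name__ == "__main__":
    print(audit())
```

The second finding comes from inheritance rather than a direct grant, which is why the check works on effective rights instead of each group's own list.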

Companies can also create device monitoring initiatives that track all devices (personal and corporate-owned) with confidential data on them. By doing this, a business can be made aware of a lost smartphone that contains network access codes, or move to take action against an individual who continually “misplaces” laptops or other hardware.

InfoTrends’ Opinion

As PSPs and other companies enter 2019, cybersecurity must remain a priority. Each year, businesses around the world lose billions to data breaches. A cyberattack is often a death sentence for small and medium-sized businesses; many of these firms go out of business within six months of a data breach.

In our latest piece on data responsibility, Understanding Data Responsibility: How PSPs can Excel in the Digital Age, Keypoint Intelligence – InfoTrends breaks down the multitude of regulations affecting data security, and how they are expected to change in the coming years. We also outline a thorough incident response plan so companies can be prepared to deal with data breaches.

Please see the latest report in InfoTrends’ store for more information.
