An insider threat doesn’t have to be malicious to be costly. Employee workarounds and Policy violations create consequential security risks.

In todays vastly changing world, working remote has brought many benefits to both employees and employers, but it has also heightened security threats. Many employees are engaging in behaviors that put applications and data at risk, being way from the watchful eye of the IT team.

Trend Micro released a study in July 2020 found that users “frequently” circumvent company security policy if it makes their jobs easier. 56% of employees say they use nonwork applications on a company device and acknowledge this is a security risk. 39% say they frequently access company data from personal devices — almost certainly breaking company security policies.

85% say they take instructions from IT seriously, yet 34% admit they don’t give much thought to whether the apps they use are sanctioned or not. Additionally, 29% think they can get away with using nonwork applications because the solutions their company provides are “nonsense.”

Costs behind an Insider Threat

Many people think of an insider threat as an employee who purposely steals data or sabotages systems. However, a recent Ponemon Institute found that 62% of incidents did not involve malicious intent. They are more likely to involve “negligence” or “human error,” in which users unintentionally mishandle sensitive data or commit policy violations with “workarounds” that bypass IT processes.

 The average number of incidents involving negligence has increased from 13.2 per organization in 2018 to 14.5 per organization in 2020 and can cost an average of $307,111. That works out to an average annual cost of more than $4.5 million. It’s estimated that at least 80 million insider attacks occur in the U.S. each year, although that number may be quite low because such events often go unreported. The increasing use of employee-owned devices in the workplace is creating more risk. However, many organizations admit that they still don’t have adequate safeguards to detect or prevent attacks.

How to Combat Insider Threats

In addressing the threat, organizations should establish appropriate use guidelines for their technology assets. These policies should be precise, easy to understand, and frequently reinforced with employee education programs. Organizations should also ensure their security infrastructure isn’t just focused on outside threats. Firewalls, intrusion prevention and anti-malware solutions are essential but don’t address threats from inside the network.

Access permission solutions improve visibility and control of network activities. They perform authentication and authorization functions and can restrict access to users based on role or identity based policies. Access permission solutions can also identify patterns of behavior by users or groups that might signify unauthorized intrusions, misuse, or malicious attacks.

Data loss prevention (DLP) solutions examine outbound network communications such as file transfers and emails. DLP scans will generate alerts if any activities violate company policy.

Content-filtering solutions can identify malware signatures, filter web-based applications, and examine instant messaging and email to protect against data leakage. They can also enforce access policies on remote and mobile devices being used outside the network. There is a tendency to think of “security breaches” as sophisticated attacks by external hackers. However, data loss is often the result of “user error” or “security policy violations”. With many employees working remote, organizations need security tools that protect against these threats.


For tips on identify phishing threats, visit Avoiding Social Engendering and Phishing Attacks.
For an Advance Cyber Security Suite Assessment, visit A.C.S.S. Assessment.