Insider threats stem from multiple causes, with 62% of incidents attributed to employee negligence, 23% to malicious insiders, and 14% to credential theft. Industries such as public administration, where non-malicious threats are prevalent, and those adopting Bring Your Own Device (BYOD) policies, which 91% of security leaders see as high-risk for data exfiltration, are particularly affected.
Attack vectors often include phishing and compromised credentials, frequently exploited in both accidental and deliberate breaches. These threats are not limited to active employees; former employees, contractors, and even partners contribute to an evolving insider risk landscape.
High-profile breaches have heightened awareness of insider threats, as these incidents demonstrate their potential to be as damaging as external cyber-attacks. Incidents range from accidental credential leaks at large corporations to targeted social engineering on major social platforms.
Countering insider threats requires a comprehensive approach that combines technology, employee awareness, and continuous risk monitoring.
Insider Threat Protection is a Growing Market
The Insider Threat Protection market is one of the fastest growing sectors globally, projected to grow at a compound annual growth rate of 15-19%, with a market value of $5.03 billion in 2023, expected to rise to $13.69-15.48 billion by 2030. This meteoric rise is seen in response to the broad acceptance of Bring Your Own Device policies, increased susceptibility to social engineering and the effectiveness of new deepfakes.
This has been reinforced in recent years by the increasing growth of consultant and temporary contract workforces, which presents a major challenge for risk managers. The 2024 Insider Threat Report by Securonix identified that 90% of businesses consider insider threats to be equally or more difficult to detect than cyber-attacks. This trend has increased with the rise of remote working post-Covid, which is linked to a notable uptick in stress and mental health concerns among staff, who have subsequently become more susceptible to fraud, deception, and even participation in insider attacks.[2]
Understanding the Types of Insider Threats
Insider threats can come in various forms - the malicious insider with harmful intent, the negligent employee who inadvertently makes costly errors, and those who unwittingly expose vulnerabilities. While many organisations use pre-employment screening to reduce the risk of malicious insider threats, accidental or negligent threats can also be devastating. Sectors with intense talent shortages, such as insurance and e-commerce, can face even higher risks due to rushed hiring and potentially lax screening practices.[3]
To address these diverse threats, organisations need a well-rounded insider threat management strategy that includes robust onboarding practices, continuous training, and a vigilant security culture.
Human Error - The Main Catalyst of Security Breaches
Human error remains the top cause of security breaches, responsible for an estimated 80-95% of incidents.[4]
With the rise of advanced deepfake technology, the threat posed by human error is only increasing, as attackers exploit both simple mistakes and lack of awareness. In this context, tackling the “people factor” becomes essential for any organisation serious about safeguarding its security.
Digital Footprints are a Growing Vulnerability
Every single employee at your organisation has a digital footprint, and these traces provide potential entry points for cybercriminals. Senior executives and high-profile employees, who often maintain visible online presences, are particularly vulnerable.
Criminals exploit this information to craft targeted attacks, making it essential for organisations to monitor digital footprints and implement strong insider threat management strategies. Recent high-profile incidents underscore this risk - in one case, attackers used publicly accessible information to infiltrate an executive’s account, bypassing existing security measures and causing significant damage.
The Email Threat
Email addresses are the most immediate threat to organisations. The rise of phishing attacks, which have doubled since 2020, indicates the growing potency of digital footprint threats. Using open-source intelligence, an attacker can identify vulnerable points of entry into a system, or mine for personal details. In some spear-phishing examples, an employee whose email is accessible on an online CV or account can have their Google Maps account identified. Using reviews to identify places frequented (maybe a favourite coffee shop or a car mechanic) and the type of interactions, highly convincing and effective phishing emails can be crafted. This is a threat that is encountered with the onboarding of new members of staff, but it is especially acute for an organisation when applied to executives, directors and senior management.
Mitigating Insider Threats
Tackling insider threats effectively requires a layered approach, combining pre-employment screening, digital footprint management, and ongoing risk assessments.
Here are some best practices:
- Pre-Screening and Vetting
Pre-employment screening is essential for mitigating insider threats. Ekran System’s statistics reveal that 60% of organisations experienced insider incidents in 2022, with both malicious intent and negligence playing a role. Pre-screening candidates, especially those with privileged access, helps uncover risky behaviour patterns early. Vetting extends beyond technical expertise to include background checks and online activity reviews to ensure that individuals granted access to sensitive systems have a clean track record. This step also identifies red flags like associations with harmful actors or risky online activities.
As highlighted by Nisos, executives are particularly vulnerable, and their digital behaviour can expose sensitive data, making pre-screening vital to ensure trusted access to company information. Hackers often track personal information from social media or online activities to craft sophisticated attacks, then use this information to infiltrate networks. Monitoring executives’ digital activities is crucial to minimise exposure, as even seemingly harmless digital footprints can enable cybercriminals to breach networks.
- Continuous Insider Threat Risk Assessments
Regular risk assessments are a critical defence mechanism, allowing organisations to spot behaviour patterns that could signal insider threats. The National Protective Security Authority (NPSA) advises organisations to monitor employees with access to critical infrastructure and conduct ongoing assessments. These evaluations allow organisations to identify potential issues early, reducing the risk of breaches or sabotage.
Building a Resilient Defence Against Insider Threats
To effectively combat insider threats, organisations must adopt a multi-layered approach that includes pre-employment vetting, digital footprint management, and continuous assessments to monitor staff with access to critical infrastructure.
In this digital, remote-work-dominated age, a robust defence relies not only on external cybersecurity measures but also on knowing who is already inside the organisation and managing risks accordingly. Such regular evaluations aid in the early warning of problematic behaviour, reducing the risk of data breaches or sabotage.
Ongoing monitoring of employees with access to critical data, paired with assessments of digital footprints, can help organisations stay proactive against these evolving threats, creating a resilient defence and minimising the potential for insider-initiated breaches.
[1] https://www.teramind.co/blog/insider-threat-examples/
[2] https://www.strategic-risk-europe.com/home/risk-guide-how-to-create-the-right-culture-to-tackle-people-related-risks/1445024.article
[3] https://www.ecisolutions.com/en-gb/blog/the-skills-shortages-report-which-industries-are-struggling-to-bridge-the-gap/
[4] https://www.infosecurity-magazine.com/news/90-data-breaches-human-error/