The Cost and Cause of Insider Security Risks


Insiders have unique access and operational insight that can be leveraged to compromise sensitive systems or data, whether through malicious actions or negligence.

An insider is any individual who currently possesses or previously held authorised access to, or knowledge of, an organisation’s resources, including people, processes, information, technology, and facilities. Insider risk refers to the probability of harm or loss to an organisation, as well as any resulting impact, arising from the actions or inactions of an insider. This risk escalates to an insider threat when the insider demonstrates an intention to, or is likely to, cause harm or loss to the organisation.

The Impact of Insider Incidents

A recent Cybersecurity Insiders report revealed that in the last year 83 per cent of organisations encountered security incidents linked to insiders, with 48 per cent reporting that insider attacks have become more frequent over the past 12 months. And the associated costs shouldn’t be underestimated. In 2023, the average cost of an insider incident reached $16.2 million, in addition to subsequent reputational harm and the loss of vital customer trust.

Key Insider Risk Factors

While the motivations behind insider threats vary, from financial gain or disgruntlement for a malicious actor to simple human error for a negligent insider, several risk factors increase the likelihood of an organisation falling foul of threat events.

AI-Driven Communication

AI, while a potentially transformative tool for enhancing productivity and security automation, is also a double-edged sword, proving highly advantageous for threat actors. Both malicious insiders and external attackers with compromised insider intelligence are exploiting AI to conduct highly personalised social engineering attacks, particularly via Business Email Compromise (BEC). AI-driven communication enables would-be attackers to craft convincing emails, mimic legitimate behaviour, and exploit the trust placed in insiders, allowing them to bypass traditional security measures with alarming precision.

Hybrid Work Environments and BYOD

The transition to hybrid work environments has significantly increased insider risk due to the merging of personal and professional spheres. While working between an office and their homes, employees often use the same devices, networks, and accounts for both work and personal activities, which can lead to unintended security vulnerabilities if not properly managed. Employees working remotely may inadvertently share sensitive corporate information over unprotected networks or through personal email accounts, or access corporate resources from a personal device that lacks robust security controls. This creates opportunities for malicious actors to exploit less secure endpoints as a gateway to the organisation’s systems.


Insufficient Training and Awareness

Many insider threats are the result of unintentional but insecure actions, rather than malicious intent. When surveyed, 32 per cent of employees admitted that inadequate training is a key factor behind security lapses. Where employees lack the knowledge necessary to identify potential cyber security risks in their own behaviour, security lapses are likely to occur. This gap in awareness can lead to careless behaviours, such as clicking on phishing links, mishandling sensitive data, or using weak passwords.

Unmanaged Access Privileges

Privileged access, or over-privilege, can significantly increase the risk of insider threats when not managed effectively. Employees or contractors often require access to sensitive data and systems to perform their roles, but granting excessive or unnecessary privileges creates opportunities for misuse, whether intentional or accidental.

For example, an insider with broad access may unintentionally expose critical information through negligence or fall victim to phishing attacks, enabling external actors to exploit their credentials. In cases of malicious intent, excessive privileges allow insiders to exfiltrate data, disrupt operations, or compromise systems with minimal detection.

The risk is heightened by the lack of regular audits or role-based access controls, which may leave outdated or redundant permissions in place. Additionally, privilege escalation—whether through system vulnerabilities or insider collusion—can further exacerbate this risk. Effective access management, including the principle of least privilege, regular monitoring, and prompt revocation of unnecessary permissions, is critical to mitigating these threats.
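The kind of regular access audit described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the roles, users, permission names, dates and the 90-day threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: hypothetical roles, users and permission names.
ROLE_BASELINE = {
    "finance-analyst": {"ledger:read", "reports:read"},
    "sysadmin": {"servers:admin", "backups:read"},
}
USERS = {
    "alice": {"role": "finance-analyst", "active": True},
    "bob": {"role": "sysadmin", "active": True},
    "carol": {"role": "finance-analyst", "active": False},  # has left the organisation
}
# Each grant: (user, permission, date last used, or None if never used).
GRANTS = [
    ("alice", "ledger:read", date(2024, 5, 28)),
    ("alice", "servers:admin", date(2024, 5, 30)),  # not part of her role
    ("bob", "servers:admin", date(2024, 6, 1)),
    ("bob", "backups:read", date(2023, 11, 2)),     # in role, unused for months
    ("carol", "reports:read", date(2024, 1, 15)),   # access never revoked
]


def audit_grants(grants, users, baseline, today, stale_days=90):
    """Return (user, permission, reason) for every grant that needs action.

    Checks run in order of urgency and only the first match is reported:
    access held by a former insider, then access outside the role baseline
    (over-privilege), then access that is in role but no longer used.
    """
    findings = []
    for user, perm, last_used in grants:
        profile = users.get(user)
        if profile is None or not profile["active"]:
            reason = "revoke: holder is not an active user"
        elif perm not in baseline.get(profile["role"], set()):
            reason = "review: outside role baseline"
        elif last_used is None or (today - last_used).days > stale_days:
            reason = "review: unused beyond threshold"
        else:
            continue  # grant matches the role and is in recent use
        findings.append((user, perm, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_grants(GRANTS, USERS, ROLE_BASELINE, date(2024, 6, 3)):
        print(" | ".join(finding))
```

Recent use does not clear a grant that falls outside the role baseline: alice's `servers:admin` is flagged even though it was used days earlier, which is the over-privilege case a usage-only review would miss.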

Threatscape’s complimentary Microsoft Purview Advisory Service helps you to understand the data security protections available within your Microsoft 365 license. With a no-obligation consultation with one of our award-winning Microsoft security experts, you’ll receive advice and recommendations on the type of data security risks companies face, and insight into how Purview and other capabilities within Microsoft 365 help defend against those risks.
