INSIDER THREATS AND THEIR IMPACT
Name
Institution
An insider threat can occur when a person with authorized access who is close to an organization misuses access to negatively impact the organization’s systems or critical information. The person may be either an employee of the organization, a third party vendor, partner, or contractor who has access to the organization system. A person with authorized access to an organization’s networks, data, or system is considered an insider. The insider may pose a threat to the organization affecting the organizations’ confidentiality, integrity, or availability of critical information either intentionally or unintentionally. Therefore, this piece covers the reasons for the occurrence of insider threat and the impact the threats have on the public sector.
There are different reasons that motivate insider threat. Some of these include malicious insider threats, careless insider threats, compromised inside threats, and unintentional insider threats. The malicious insider threat is one of the main reasons for the occurrence of insider threats. Malicious insiders when considering insider threat is seen as a deliberate action where an employee or a person with access to the organization purposely attempt to leak or steal information to cause damage to the organization purposefully (Farjon, 2018). Malicious insiders can be divided into three categories; the emotions-based, politically-based, and financially-based. The emotions-based may occur when a person with access to the organization’s data, network, or system is bored, frustrated, depressed, or angry due to the work or situation involving the organization. There is a high likelihood that such a person may act maliciously. For instances, when an employee gets upset with his or her employee performance review that does not go well or an employee that is fired. Financially-based malicious insiders may be one of the common causes of insider threat. This may occur if an employee is suffering from financial need; he or she may take advantage of and exploit the insider position for monetary gain. For example, an employee that feels he is not paid well may leak or steal information from his organization and sell to a competitive partner organization to fulfill his financial situation. Lastly, politically-based insider threats are not commonly experienced in organizations but there have been instances of state-sponsored insiders and corporate espionage. The driving cause for politically-based insider threat individuals may be in line with gaining national pride, financial benefit, or political in nature (Team ObserveIT, 2018).
When it comes to careless insiders, these are employees or people close to the organization who do not care or they are not aware of their organization’s workplace cyber policies. Insider threats caused by a careless insider can occur when they send confidential data or information over networks that are insecure or use public file syncing platforms which may put an organization at risk of leaks of critical information. Compromised insiders also seen as a careless act can be a reason for insider threat when the employee’s email is accessed by a malicious actor. The malicious actors mostly take over the email through social engineering, phishing emails, credential harvesting, or through malware in order to steal information or make fraudulent money transactions (Farjon, 2018).
Lastly, there is the unintentional insider which forms the reason for the occurrence of insider threats. Unintentional insiders can be categorized into three groups; lack of knowledge or understanding, convenience, and misplaced technology. Lack of knowledge or understanding becomes a reason for insider threat when the employee or an insider is not used to considering security implications of their actions which puts them at risk of being an unintentional threat. An example is an employee sharing organization’s critical information over less secured channels such as Google documents or using insecure public Wi-Fi to access sensitive data (Rose, 2016). Convenience is another motivator for insider threat though unintentionally. This can occur when employees try an alternative way in order to make work easier due to the organization cybersecurity tools or policies. For instance, an employee may forward work emails to personal accounts in order to work remotely; an action that can give malicious actors an opportunity to steal information. Misplaced technology is the last unintentional insider threat which occurs when insiders misplace their equipment such as mobile phones, laptops, or tablets that are connected to the organization’s system. An example is a person forgetting a laptop or mobile phone on a table at a local coffee shop which gives malicious actors an opportunity to access information. Therefore, the reasons for the occurrence of insider threats may seem to less malicious in many ways but the impact that they cause to the organization is felt severely (Team ObserveIT, 2018).
Impacts or adverse effects that organizations experiences as a result of insider threat can be categorized into five: operations, value, culture, liability, and reputation. An operations impact refers to the ability of an organization to implement its mission and goals. An insider threat can pose a negative impact on the organization’s operation ability by either disruption, increased overhead, or remediation costs. Operation distraction which is caused by loss of data or information concerning the organization financial, stuffing, intellectual property theft, or services records can lead to unplanned expenses, the inability of the organization to deliver goods and services on time, increased staffing and new R&D costs which affect the company operation ability. Increased overhead would impact business operation due to the need to improve cybersecurity which may be more costly in a large organization. The remediation costs would depend on the degree to which the company suffered and the necessary mitigation actions required which may affect the company operations (Thompson, 2017).
Value refers to business monetary qualities. Insider threat events can pose a direct impact on three categories of value that include market value, revenue, and intrinsic value. The impact insider threat to market value can result in events such as share price falling or stock drop. Revenue can be lost due to insider threat events. For instance, the intellectual property theft that occurred at American Superconductor resulted in an immediate loss of $800 million in revenue. The intrinsic value of a business can be directly affected by insider threat since the intrinsic value of a business intellectual property holds 50 to 80% of the total business value. Therefore, when the organization loses new designs and strategies for new products through the insider threat it faces tragic consequences. A culture of an organization is the background on which all operations of the organization are conducted. An organization with a week culture will have a difficult time in attaining employee retention and by losing employees it creates an insider threat. Most employees will intentionally take critical data when they leave an organization and may use the information in the other organization against their former employees. This may also need a data breach. Therefore, an organization with a good culture would be more secure against insider threat even if an employee is to leave (Thompson, 2017).
An organization can also suffer from liability due to insider threat. Liability refers to external costs that are charged on an organization. Insider mistake or data breach can result in the organization being charged for breach notification cost, compliance files, increased insurance costs, and litigation settlements which can be more expensive for a large organization. Lastly, reputation is an aspect of a business that insider threat can cause a big impact. Insider threat that needs to breach of the organization data gives the organization a hard time due to a large loss of existing customers that occurs. Organizations would have to expend significant resources in an attempt to restore and actively manage their reputation (Thompson, 2017).
In conclusion, reasons for the occurrence of insider threats should be keenly managed as they result in a profound impact on the organization. Therefore, for an organization to be secured from insider threat, it should ensure necessary policies and precautions are in place to guard its data and systems.
References
Team ObserveIT. (2018, May 21). The Primary Factors Motivating Insider Threats. ObserveIT. Retrieved from https://www.observeit.com/blog/primary-factors-motivating-insider-threats/
Farjon, M. (2018, October 31). Insider Threats: Keeping the Cyber Boogeyman Out. Techspective. Retrieved from https://techspective.net/2018/10/31/insider-threats-keeping-the-cyber-boogeyman-out/
Rose, R. (2016, August 30). The Future of Insider Threats. Forbes. Retrieved from https://www.forbes.com/sites/realspin/2016/08/30/the-future-of-insider-threats/#45e468de7dcb
Thompson, S. (2017, November 29). Reading between the lines: the real impact of insider threat. CSO. Retrieved from https://www.csoonline.com/article/3239070/risk-management/reading-between-the-lines-the-real-impact-of-insider-threat.html
