The phrase “insider threat” may conjure images of malicious attacks on your organization’s intellectual property from the inside, such as disgruntled employees and corporate espionage. While both of these are certainly threats, there is a third group of insiders who increasingly pose a threat to your business: well-meaning but careless employees.
According to a 2022 report from the Ponemon Institute, insider threats have been on the rise in recent years. The research finds that 67% of organizations experience between 21 and more than 40 incidents of insider threats a year. Most of those aren’t caused by malicious actors; 56% of the insider incidents last year were caused by negligence.
The cost of insider threats
Insider threats have long been a concern for businesses. For example, it has long been rumored that just two people know Coca-Cola’s formula and they aren’t allowed to travel together. (This rumor turned out to be a marketing ploy, but the formula remains a tightly guarded secret.) General Motors is also famous for guarding its secrets; its proving grounds are well guarded, insulating the company from journalists and corporate espionage.
For years, this has been the popular image of an insider threat: an employee who sells information for a profit, or who is blackmailed into stealing trade secrets for a competitor.
This sort of theft is concerning for enterprises. No one wants their most important intellectual property stolen by a competitor, and there’s also an effect on the bottom line; the cost of criminal insider theft in 2022 was $4.1 million, according to Ponemon’s report.
The cost of negligence was greater in 2022, however: $6.6 million, or an average of $484,931 per incident.
Why is negligence so dangerous?
Most employees don’t want to steal or expose your company’s IP; however, they’re likely to be putting it at risk through carelessness.
The problem we see most often is that people tend to ignore best practices when it comes to protecting information. For example, a group of employees who post a selfie of themselves at work to social media might inadvertently reveal intellectual property in the background. The internet doesn’t even need to be involved; when employees head out to lunch at a local cafe or to after-work drinks at a local bar, they’re likely to talk about work within earshot of potential bad actors.
Criminals know this, and are likely to troll employees’ social media, or even go to local hangouts in hopes of seeing or hearing trade secrets. Careless talk or posts can make employees targets for social engineering hacks or future attacks.
How can you mitigate insider threats in 2023?
Because most people don’t think about security like a security practitioner would, it’s important to teach your employees proper information security and document control, and incorporate it into your company culture. Your culture is important; once your employees understand why security is so important, many of them will be more vigilant about best practices.
It’s also important to keep an eye out for those who may be malicious insiders. Look for the actively disengaged people, the disgruntled employees who are likely to want to sabotage your organization. Keep in touch with culture by talking to employees and using surveys. Make sure that people who are terminated no longer have physical or digital access to your property.