What Are Insider Threats and How Can You Mitigate Them?

What is an insider threat? Insider threats are users with legitimate access to company assets who use that access, whether maliciously or unintentionally, to cause harm to the business. Insider threats aren’t necessarily current employees; they can also be former employees, contractors or partners who have access to an organization’s systems or data.


With insider threats representing the primary vector for 60 percent of data breaches, organizations need to scrutinize the threats walking through their door every day with as much rigor as they show when securing the perimeter from external attackers.


Why Are Insider Threats So Dangerous?


In a recent SANS report on advanced threats, security practitioners identified major gaps in insider threat defense driven by a lack of visibility into a baseline of normal user behavior as well as the management of privileged user accounts, which represent a more attractive target for cases of phishing or credential compromise.


Detecting insider threats is no easy task for security teams. The insider already has legitimate access to the organization’s information and assets, and distinguishing between a user’s normal activity and potentially malicious activity is a challenge. Insiders typically know where the sensitive data lives within the organization and often have elevated levels of access.


As a result, a data breach caused by an insider is significantly more costly for organizations than one caused by an external attacker. In the Ponemon Institute’s insider threats mitigate