In Barracuda's recently published report, 2019 Email Security Trends, 79% of IT professionals from around the globe reported concerns surrounding attacks and breaches originating from inside the organisation.

It's easy to see these numbers and wonder why so many businesses are worrying about the malicious intentions of their own employees when there are so many relentless anonymous attackers out there, but insider threats aren't quite this simple. In this article we explain what exactly an 'Insider Threat' means, outline the typical step-by-step process of these attacks, and offer some advice for identifying and preventing them.

 


 

What is an Insider Threat?

An insider threat is, by definition, a threat that originates from a person or group of people within the organisation - such as employees, former employees, contractors or business associates - who have inside information concerning the organisation's security practices, data and computer systems. This is all pretty straightforward so far, but the key detail here is that the intention behind the threat is not defined - this is because insider threats can be both malicious and accidental.

 

Malicious Insider Threats

Despite it being less common, this is the typical scenario that comes to mind for most people when hearing the phrase 'insider threat' - a disgruntled employee damages company systems, data, reputation and more simply to satisfy their need for revenge. Below are some examples of how this threat could materialise:

  • Infecting systems by knowingly downloading malware
  • Releasing or wiping confidential company data
  • Damaging physical devices and inducing downtime

The truth is, as much as this is still a very real threat, this kind of attack can be avoided quite easily through access management, changing login details once staff members have left the company, and most importantly creating a positive work environment to prevent users feeling disgruntled in the first place.

 

Accidental Insider Threats

Insider threats can also refer to an accidental exposure of sensitive data, caused by employees lacking cyber security awareness or by poor or unclear workplace protocols.

Although most professional individuals are quite confident in their security practices, human error is actually one of the primary causes of data breaches, even affecting well-established organisations like the NHS and Sony. Below are some examples of how this kind of accidental exposure can occur:

  • Social Engineering attacks
  • Downloading malware-infected software and applications
  • Weak password security
  • Careless data handling
  • Negligence of workplace security procedures

Preventing this type of insider threat is a bit more complicated as mistakes can happen in various ways to various areas of your business. To mitigate the risk as much as possible a layered approach is recommended, including the implementation of an advanced inbox defence solution, continuous user awareness training, secure access management and encrypted communications.

 


 

Step-by-Step Process

To show how quickly these threats can develop and spread, we're using one of the most common and detrimental types of insider threat: those stemming from highly targeted social engineering attacks.

[Figure: account takeover cycle]
 
 

Identify and Prevent

Barracuda Sentinel mitigates the risk of Insider Threats at every step through its 3-point protection: Prevent, Detect, Remediate.

 


 

Prevention takes place at the email gateway where any targeted phishing attacks identified through Sentinel's artificial intelligence are blocked, stopping many advanced attacks before they even reach a user's inbox.

For the cases where highly-sophisticated campaigns evade gateway defences, Sentinel detects any signs of account takeover, immediately alerting the IT team with concerns.

Finally - an important but often overlooked step - Sentinel remediates the incident by removing any malicious emails sent on from the compromised account, alerting any external contacts involved, and identifying all users who clicked on links to protect their accounts before they find themselves compromised too.

For more information on Barracuda Sentinel register for one of our weekly online webinars!