On the last point, one high-profile case illustrated the potential consequences of this behavior: two General Electric employees started a competing company based on trade secrets that they downloaded at work. These two former GE employees ended up with a prison sentence and a $1.4 million fine – a searing reminder that employees do not have the right to take company data to another company.

While most insider data breaches aren’t quite as malicious or blatant, it’s important to prepare for the worst-case scenario.

What drives insider threats?

An insider threat typically refers to potential attacks from users with internal or remote access inside the system’s firewall or other network perimeter defenses. These “threat actors” can include employees, contractors, third-party vendors and even business partners: in other words, anyone with network access. Potential results include fraud, theft of intellectual property (IP), sabotage of security measures, or misconfigurations that allow data leaks.

Of course, not all insider threats come from actual insiders. It’s not hard to imagine instances where, for example, an external party gains access to the physical premises and connects to the network directly, deploying a router in a discreet location for future remote access. This example raises the importance of on-premises security and early detection whenever unapproved devices are added to the network.

A few common devices, such as memory sticks or Bluetooth transmitters, can also often pass under the radar. Does your system detect these on insertion? Probably not. This is important because it emphasizes a few key points:

  • There is no single security solution to cover every possible threat.
  • Insider threats are difficult to pin down without knowing the motivations or patterns of potential attackers.

What motivates an insider threat?

The Insider Threat: Assessment and Mitigation of Risks