8 May 2022
Insider threat is your grandfather’s problem, right? I mean, who has heard of insider threat being a problem, and why should anyone need to create a policy and controls for that? We have many more important things to worry about, such as malware, ransomware, nation-state attacks and other items that may affect our supply chains.
How prevalent is the risk of insider threat? First, let’s understand that insider threat is a term used to convey a risk and can occur as a result of malicious intent and/or inadvertent actions by trusted employees or suppliers.
Recent reports such as the 2021 Data Breach Investigations Report from Verizon (https://www.verizon.com/business/resources/reports/dbir/) indicate that privilege abuse/misuse is a particularly common attack risk. This is often exploited for monetary gain but can also be for other reasons, such as a grudge or even entertainment.
IBM’s Cost of Insider Threats Global Report (2020), conducted by Ponemon (https://www.ibm.com/downloads/cas/LQZ4RONE), shows an upward trend of insider events. Ponemon indicates that
“In the context of this research, insider threats occur because of the following:
— A negligent or inadvertent employee or contractor,
— A criminal or malicious insider or
— A credential thief”
The report goes on to indicate that “…the negligent insider is the root cause of most incidents.”
So yes, the risk of insider threat is important in this day and age, and we have a responsibility to ensure that our supplier partners are taking the appropriate steps to safeguard against this threat before and during the time we do business with them.