
What are Insider Threats and How Can You Mitigate Them?

04/19/2021

Most organizations worry about data breaches caused by cybercriminals. However, internal malicious actors, malicious actors disguising themselves as insiders, and accidental insider threats are often overlooked. In fact, according to Palo Alto’s 2020 “The State of Cloud-Native Security” report, 9.7% of survey respondents said insider threats were the primary threat to cloud security. To promote a more robust cloud security posture, understanding what insider threats are and how you can mitigate them is more important than ever.

What are insider threats?

An insider threat is a security risk that originates within an organization, from people such as current or former employees, officers, consultants, business partners, or members of the Board of Directors. Equally important, credential theft attacks can also fall under the insider threat umbrella because malicious external actors use the same login credentials as legitimate internal users.

Unlike traditional on-premise IT infrastructures that sit behind a company’s network firewall, cloud-based services rely on user login and credentials to grant access. The same qualities that make the cloud useful for a remote or hybrid workforce increase the attack surface. According to the 2020 Black Hat USA Attendee Survey, 11% of security leaders said that data theft or sabotage by malicious insiders was one of their most significant concerns at the time and 10% saw it as one of their greatest threats for the future. As Boards of Directors move their data to the cloud, Identity and Access Management (IAM), also called the “Identity Perimeter,” becomes more critical. IAM is the process of ensuring that the right person has the right access to the right resources at the right time for the right reason.

What are the types of insider threats?

Not all insider threats are created equal. Some are purposeful, while others are accidents. Understanding them is one way to start mitigating risk. In its 2020 Market Guide for Insider Risk Management Solutions, analyst firm Gartner outlines three primary insider threats.

Malicious user

A malicious user sets out with a specific mission to sabotage the organization or steal data for either personal reasons or financial gain. This type of user could be someone who takes client information and tries to start a competing business.

Careless user

Careless users don’t intend to cause the company harm, but they have access to sensitive or proprietary data that they accidentally expose. This type of careless user might misconfigure a cloud resource, leaving information exposed to the public internet. Another example would be a nurse who reads the patient record of someone he knows and shares a diagnosis with friends.

Compromised credentials

Compromised credentials occur when someone’s login and password become known to someone outside the organization, who then exploits this knowledge to steal data and/or sabotage the company. Often, this occurs because someone uses a weak password that cybercriminals can use in combination with their email address to gain access to your systems, networks, and applications.

Why are insider threats a problem?

Insider threats are a problem first because they’re difficult to detect, but they also pose several other risks to your business.

Inability to detect

Problematically, insider threats are notoriously difficult to locate. Insiders don’t trigger traditional security alerts, because they already have access. Your security tools that monitor suspicious traffic won’t notice anything abnormal.

Data theft

Gartner defines data theft as the exfiltration of or unauthorized viewing of data. As a threat activity, it can be broken down into two different types.

Privacy violations

While cybersecurity often focuses on external threats to an organization’s digital resources, privacy incorporates internal user access to sensitive data. Having too much access to information, or having excess privileges, is a potential privacy violation even though everyone is a member of the same organization.

One of the first General Data Protection Regulation (GDPR) fines in 2019 was levied against a Portuguese hospital. One of the cited violations was allowing “indiscriminate access to an excessive number of users.” For example, a doctor and a person taking a blood sample need different information to help a patient. The doctor needs to know everything about the patient, including medical history, medications, and personal habits, like smoking. The lab technician taking the blood sample doesn’t need to know all of this. If the lab technician has too much access to electronic Protected Health Information (ePHI), a privacy violation could exist.

Insider fraud

Insider fraud is when someone with authorized access to an organization’s systems, networks, and applications purposefully misuses the access to steal data or money. An excellent example of this would be someone who can both create vendor accounts and pay their bills in your Enterprise Resource Planning (ERP) application. The person could create a fake vendor, assign payments to an account they own, and pay the invoice to themselves.

System sabotage

According to Gartner, system sabotage consists of activities that impact data integrity and availability, such as malware, ransomware, account lockouts, and data deletion. Often, these issues arise from careless users who either click on a link in a phishing email or go to a malicious website.

Ways to detect and mitigate insider threats

Detecting insider threats is a challenge because most of the time, the individual is allowed to access your systems and networks. However, organizations can put some controls in place to detect and mitigate risk.

Create a strong password policy

The first step to mitigating the insider threat of stolen credentials is to set a strong password policy. Since cybercriminals know how to access databases containing lists of weak passwords, making sure that your employees don’t use those is important. Every password should be unique, contain upper and lower case letters, have numbers, and include special characters.

Additionally, if you want to make sure that your employees use a unique password for every login they create, you should consider providing a password management tool.

Require multi-factor authentication

Multi-factor authentication means that when users log into your systems, networks, and applications, they need to use two or more of the following:

  • Something they know (a password)
  • Something they have (a token or smartphone)
  • Something they are (biometrics like a fingerprint or facial identification)

The more authentication requirements you have, the more secure your organization is. Cybercriminals might be able to guess a weak password. They might even be able to intercept a text message used for multi-factor authentication. However, they won’t easily be able to manage all three at the same time.

Limit user access according to the principle of least privilege

The principle of least privilege means limiting users’ access as precisely as possible while still letting them fulfill their job functions. Often, IAM is difficult in hybrid and multi-cloud ecosystems because organizations onboard so many applications that they lose track of who has what access. Establishing and enforcing controls that limit user access to resources and within applications can mitigate misuse of excess access.

Establish and enforce segregation of duties (SoD)

Segregation of duties means having multiple people handle different parts of a larger task to prevent a conflict of interest. For example, to avoid someone creating a fraudulent vendor linked to a bank account they own and paying bills to that account, you separate the vendor account creation and payment job functions. Applying the principle of least privilege to this, you limit each of those individuals to the capabilities in the Enterprise Resource Planning (ERP) application that they need to complete their job functions, without access to the other, conflicting areas.
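
The vendor-creation and payment conflict described above can be checked mechanically. The following is an added example, not code from SecurityScorecard or any ERP product: it expands role inheritance into each user's effective permissions, flags SoD conflicts, and lists granted-but-unused permissions for a least-privilege review. All role names, permission names, users, and rules are constructed for illustration.

```python
"""SoD and least-privilege review over ERP role assignments (constructed data)."""

# Hypothetical ERP role model; every name below is invented for this example.
ROLE_PERMISSIONS = {
    "ap_clerk": {"invoice.enter", "vendor.view"},
    "vendor_admin": {"vendor.create", "vendor.edit", "vendor.view"},
    "payments": {"invoice.pay", "vendor.view"},
    "ap_manager": {"invoice.approve"},
}
# Role inheritance: a role also grants everything its parent roles grant.
ROLE_PARENTS = {
    "ap_manager": ["ap_clerk", "payments"],
    "finance_super": ["vendor_admin", "ap_manager"],
}
USER_ROLES = {
    "alice": ["vendor_admin"],
    "bob": ["payments"],
    "carol": ["ap_clerk", "vendor_admin"],
    "dave": ["finance_super"],          # conflict hidden behind inheritance
    "erin": ["vendor_admin", "payments"],  # conflict from two direct roles
}
# SoD rules: pairs of permissions that no single user may hold together.
SOD_RULES = [
    ("vendor.create", "invoice.pay", "can create a vendor and pay it"),
    ("invoice.enter", "invoice.approve", "can enter and approve an invoice"),
]


def role_permissions(role, _seen=None):
    """Effective permissions of a role, following inheritance (cycle-safe)."""
    seen = _seen if _seen is not None else set()
    if role in seen:
        return set()
    seen.add(role)
    perms = set(ROLE_PERMISSIONS.get(role, ()))
    for parent in ROLE_PARENTS.get(role, ()):
        perms |= role_permissions(parent, seen)
    return perms


def user_permissions(user):
    """Union of effective permissions across all roles assigned to a user."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= role_permissions(role)
    return perms


def sod_violations():
    """Return (user, perm_a, perm_b, reason) for every rule a user breaks."""
    found = []
    for user in sorted(USER_ROLES):
        perms = user_permissions(user)
        for perm_a, perm_b, reason in SOD_RULES:
            if perm_a in perms and perm_b in perms:
                found.append((user, perm_a, perm_b, reason))
    return found


def excess_permissions(user, used):
    """Least-privilege check: permissions granted but absent from observed use."""
    return sorted(user_permissions(user) - set(used))


if __name__ == "__main__":
    for violation in sod_violations():
        print("SoD conflict: %s holds %s + %s (%s)" % violation)
    print("carol unused:", excess_permissions("carol", ["invoice.enter", "vendor.view"]))
```

Checking effective permissions rather than direct role assignments matters here: in the sample data, dave holds a single role, and the conflict only appears once inheritance is expanded.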

Create a robust privileged access management program

Privileged access is the riskiest type of access because it gives users the ability to change data and configurations beyond what a standard user can. This access can be either human or machine, including network administrators and service accounts. Because these accounts have so much access, cybercriminals look to take them over through credential theft or weak passwords. Many administrative accounts for devices and software have default passwords that are easy to guess, so make sure to change these passwords and monitor privileged users for abnormal behavior.

Segment networks

Although IAM controls act as a primary control, you can also use logical network segmentation to prevent people from accessing sensitive data. For example, as part of segmenting your network, you can consolidate similar information types onto one network and control who accesses that network on a need-to-use basis. Not only does this mitigate malicious insiders, but it can also prevent malicious external actors leveraging stolen credentials from moving laterally within your network if they gain access.

SecurityScorecard: continuous visibility

SecurityScorecard’s security rating platform monitors across ten categories of risk, including information leaks and social engineering risk, to help mitigate potential credential theft risks. Our platform provides an easy-to-read A-F rating scale giving you at-a-glance visibility into your security posture.
