Insider Threats: Hiding in Plain Sight 

Another workday begins. Employees stream into the office. From well-dressed to perpetually casual, from nerdy to academic – your workforce has a lot of personality.

Think you could spot the employee who will trigger a data breach today that could cost your company millions of dollars? Think again.

You may have heard the term “insider threat” – but what does this mean and who within your company is putting you at risk? And why? Let’s take a closer look at the ordinary users that make up the largest threat to your organization.

Profiles of Insider Threats

While malicious internal actors grab the headlines (think Edward Snowden), your most profound threats are likely the least obvious. They constitute the backbone of your workforce. These so-called ‘inadvertent insiders’ exist in every organization around the globe. They’re usually well-intentioned, but they’re also careless. And that carelessness could severely impact your company. A much smaller segment will act deliberately. According to 2018 Ponemon Institute research, the average cost of an inadvertent insider breach exceeded $8.7M, accounting for 64 percent of total incidents.


This group of inside actors will generally appear to be compliant with an organization’s security requirements. Typically, they do not respond to awareness training – it’s simply a ‘check-the-box’ exercise, perhaps required annually. For example, this group is more likely to open a phishing email and click on a malicious link. While this group is not large, it’s responsible for more than 60 percent of incident tickets.

Negligent insiders 

The careless employee represents the largest insider threat subset and carries the heftiest cost to the organization. Again, they may appear to be compliant with security policies, but small infractions add up. These behaviors can range from bad security hygiene, such as poor password selection, to simply taking shortcuts in the interests of productivity. New employees constitute the largest subset of negligent insiders, reinforcing the fact that mistakes, and not intentional acts, are truly the culprit.

Frequent travelers fall within this category as well, often with the misperception of productivity gains. Unsecured public Wi-Fi connections can expose valuable corporate data to bad actors lurking in airports, coffee shops and hotels. The irony here lies in the fact that the potential damage severely outweighs any possible productivity gains in the few minutes they’re able to get work done.

Cyber Remedy – a Team Sport

Dealing with inadvertent insiders does not rest solely with one individual or one part of the organization. A truly effective preventative approach will involve cross-departmental action.

Given the dubious track record of new employees, reexamine your security training during onboarding. Is it current? Does it reflect your organization’s employee makeup? Is it engaging?  The persistence of cyberthreats should be met with persistent and effective training.

IT plays a significant role in breach protection. Providing tools such as LastPass offers an excellent approach to mitigating potential breaches, with a solid password security layer to protect against unauthorized access. In the case of an exiting employee, revocation of LastPass access will block access to all business applications. Additionally, LastPass won’t fill when a page is phishing for credentials.

A co-worker can be in the best position to detect behavior inconsistent with security policies. Encourage all employees to look for potential violations, and to politely advise the co-worker to alter the behavior. Escalation policies can be determined by Human Resources if necessary.

In the case of employees with malicious intent, know your users and what appropriate data access looks like. While human behavior may be hard to predict, behavioral changes may be noticeable. Have they asked for access to business applications beyond their purview? Have they become disgruntled? Are you aware of financial strain on an employee? Are they preparing to leave the company? These can all be early warning signs of potential data security risk. While not foolproof, common sense can make a difference in evaluating behavior.

Training, organizational alignment and technology tools should all play a role in the escalating war against data breaches. Looking for more resources? Be sure to review our breach prevention tips here.


  • Jacob says:

    Who is Eric Snowden?

  • I had “Last Pass” placed on my PC early last year and I did not realize my contract had expired and began using a variety of passwords for different sites. However it is impossible to recall the many sites I had responded to and the required password for each site. I have been searching for the pc tech who taught me “last pass” and today’s email re: renewing “last pass” is an answer to my prayers. Thank you “last pass”