As the digital landscape becomes more interconnected and complex, insider threats pose a growing danger to organizations. National Insider Threat Awareness Month, observed each September, highlights the risks of insider attacks—whether malicious or accidental—and urges businesses to enhance their security strategies to combat these internal vulnerabilities.
Cyber Resilience as a Key Defense
Theresa Lanowitz, Chief Evangelist at LevelBlue, stresses the importance of cyber resilience in today's evolving threat environment. “Insider threats involve a company’s most valuable asset—its employees,” Lanowitz explains. “Business leaders must remain vigilant about the different types of threat actors that may emerge from within their own organization.”
Lanowitz advocates for aligning cyber investments with business objectives, ensuring that the C-Suite collaborates closely to mitigate risks while maintaining operational resilience. “Improved alignment within the C-Suite can provide clearer guidance on cybersecurity priorities by fostering a unified approach to risk management,” she adds, emphasizing that cyber resilience is essential for businesses to protect intellectual property and digital assets in an interconnected world.
Intentions Don't Matter
For Jordan Avnaim, CISO at Entrust, the intent behind insider threats is irrelevant; what matters is the damage they cause. “Shadow IT, misconfigured systems, and overly permissive accounts can lead to significant breaches that impact a company's reputation and bottom line,” he warns.
Avnaim points to the importance of leveraging Zero Trust principles, identity-based security frameworks, and multi-factor authentication (MFA) to reduce unauthorized logins and privilege abuse. He emphasizes that while insider risks won’t disappear anytime soon, strengthening identity ecosystems and adding greater security can greatly reduce the risk of data breaches.
Fostering a Culture of Security
Doug Kersten, CISO at Appfire, believes that fostering a security-first culture is critical in mitigating insider threats. “Insider threat incidents, whether intentional or not, are among the most damaging, often carried out by trusted individuals,” he notes. Encouraging employees to report suspicious behaviors, such as unusual working hours or secretive actions, can help detect insider threats early.
Kersten also highlights the importance of continuous monitoring for unusual activities, such as large file downloads or access from unfamiliar locations, to enhance SaaS security. By embedding security into everyday operations and encouraging open dialogue about risks, organizations can reduce the potential for insider threat incidents.
The Shift to Zero Trust
In today's complex cybersecurity landscape, Roman Arutyunov, Co-Founder and SVP of Product at Xage Security, argues that the traditional security model of "keeping the bad guys out" is no longer effective. “Organizations should shift toward incorporating zero trust architecture to prevent insider threats,” he states.
Arutyunov underscores the national security implications, particularly in critical infrastructure sectors such as energy and manufacturing. By adopting zero trust security, businesses can safeguard essential services and ensure resilience against internal threats.
Data Resilience and Layered Defense
As insider attacks rise, Dale "Dr. Z" Zabriskie, CISSP CCSK at Cohesity, emphasizes the importance of multi-layered defenses, particularly against ransomware. “Organizations must have a multi-layered defense strategy to combat these threats,” Zabriskie states. This includes immutable snapshots, encryption, and strict access controls to ensure critical data remains secure.
Zabriskie highlights the increasing frequency of ransomware attacks, pointing to recent surveys that show a majority of businesses have fallen victim to such attacks within the last six months. “Being prepared with these layers of defense is crucial for cyber resilience in the fight against both ransomware and insider threats,” he adds.
Prevention-First Approach
As businesses generate unprecedented amounts of data, Carl Froggett, CIO of Deep Instinct, warns that insider threats are growing in both number and impact. “Insider threats now account for 60% of all cyberattacks,” Froggett states, underscoring the need for proactive prevention.
Froggett urges organizations to adopt a prevention-first approach to cybersecurity, focusing on protecting sensitive data at rest or in motion and scanning for malware in files entering and leaving the network. By preventing insider threats before they materialize, businesses can protect their most sensitive assets.
Protecting Sensitive Data
Clyde Williamson, Product Management, Innovations at Protegrity, highlights the challenge of securing data against both malicious and unintentional insider threats. “Creating a ‘Fort Knox’ level of data security isn’t achievable for most organizations,” Williamson explains. Instead, he advocates for encryption and tokenization strategies that make data unreadable except for those who need access.
Williamson emphasizes the importance of these guardrails to limit the impact of insider threats, ensuring that human error or malicious attacks have minimal consequences.
Document Security in Focus
DeeDee Kato, Vice President of Corporate Marketing at Foxit, brings attention to the often-overlooked area of document security, especially for PDFs. “It is important to know that not all PDFs are created equal—especially when it comes to providing protection against internal or external threats,” Kato warns.
She recommends that businesses choose PDF software with robust protection features like encryption, digital signatures, and redaction tools to prevent unauthorized access. Kato also highlights the importance of advanced permission settings, audit trails, and tracking capabilities to comply with data protection regulations. “Remain relentless in your pursuit to prevent insider threats—even in the seemingly harmless PDF,” she concludes.
Data Protection Strategies
Kevin Cole, Director of Technical Marketing and Training at Zerto, a Hewlett Packard Enterprise company, highlights the significant role human error plays in data loss. “Recent research from Zerto shows that human error accounts for nearly half (46%) of all unrecoverable data losses,” Cole explains. With Insider Threat Awareness Month upon us, he urges organizations to re-evaluate their data protection strategies to prevent unauthorized access and ensure quick recovery after incidents.
“Insider threats can blindside an organization and cause severe damage to its reputation, operations, and finances,” Cole warns. He emphasizes the need for proactive investments in data protection solutions that safeguard against unauthorized access and ransomware attacks.
The Challenge of Unstructured Data
Carl D’Halluin, Chief Technology Officer at Datadobi, points out that unstructured data—often the largest portion of a company’s data—presents a unique risk. “Unstructured data is the most difficult to manage, secure, and protect, making it attractive to those who wish to exploit it for personal gain,” D’Halluin notes.
D’Halluin advises organizations to invest in solutions that provide visibility and control over unstructured data, emphasizing the importance of training employees to safeguard this data. He adds, “An ounce of prevention is worth a pound of cure when it comes to insider threats.”
Conclusion: The Human Element
National Insider Threat Awareness Month reminds us that insider threats can come from anyone within an organization, whether through negligence or malicious intent. As Katie Paxton-Fear, API Researcher at Traceable AI, points out, “Unlike other cyberthreats, insider threats have a significant human element.”
Paxton-Fear recommends businesses establish comprehensive offboarding procedures, regularly audit permissions, and foster a supportive work environment to reduce the risk of employees turning into insider threats.
Ultimately, insider threats pose a growing challenge to organizations across industries, but with a combination of technology, security awareness, and robust policies, businesses can protect themselves from within.