From the WELL Cybersecurity Division

The Insider Threat

Have you heard the term “Insider Threat”? I’m not talking about the 2006 Denzel Washington movie, The Inside Man (good movie BTW). The cyber security world defines the term as a cyber security risk that originates from within an organization. It typically occurs when a current or former employee, contractor, or vendor with legitimate user credentials misuses their access to the detriment of the organization’s networks, systems and data. The important thing to understand is that intent is irrelevant. It’s easy to comprehend how a disgruntled employee may steal data or proprietary information for nefarious purposes. But an employee who falls victim to a phishing attack is also considered an insider threat. This individual’s poor judgment has placed the organization at risk.

Experts believe that insider threats are the cause of most data breaches. 32% of incidents where confidential records (trade secrets or intellectual property) were compromised or stolen are attributed to an insider breach. I won’t get into the various types of insider threat profiles. But please be aware that beyond the employee who has inadvertently given out credentials, there exist real campaigns where attackers offer compensation to targeted employees for company data.

While there are tools available that monitor and identify possible insider threats based on unusual employee activity, the reality is that these systems are expensive and complicated. Unfortunately, most of these systems are designed for large organizations.

What can you do to defend against this type of attack?

  1. Modern desktop anti-malware solutions offer some protection by detecting unusual activity on the computer. They can monitor and block the user’s (or attacker’s) ability to run malicious software, run unauthorized software, access dangerous websites, etc.
  2. Provide employees with ongoing cyber security training. An educated employee develops a cybersecurity-first mindset and will be less likely to fall for a phishing attack.
  3. Monitor employee behaviour for unusual activity. Are they suddenly seeking access to information that does not pertain to them?  Are they working odd hours?  Are they unhappy?
  4. Ensure that accounts are locked/disabled/deleted immediately upon termination or exit.
  5. Investigate the option of using a managed service to provide insider detection tools. This may be a cost-effective approach to having professionals keep an eye on your systems.
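
For a small organization without a dedicated monitoring product, items 3 and 4 can be approximated with a short script run over an HR export and access logs. The following is an added example, not part of the original article; the users, departments, resources and log entries are constructed, and the 07:00 to 19:00 working hours are an assumption.

```python
from datetime import datetime, time

# Constructed sample data (hypothetical users, departments and resources).
ROSTER = {  # user -> (department, termination date or None), e.g. from an HR export
    "alice": ("finance", None),
    "bob": ("sales", datetime(2024, 3, 1)),
    "carol": ("engineering", None),
}
ACCOUNTS = {"alice": True, "bob": True, "carol": True}  # user -> account enabled?
# department -> resources that pertain to it
ENTITLED = {"finance": {"ledger"}, "sales": {"crm"}, "engineering": {"source"}}
EVENTS = [  # (timestamp, user, resource), e.g. parsed from file-server or SSO logs
    (datetime(2024, 3, 4, 10, 15), "alice", "ledger"),
    (datetime(2024, 3, 5, 2, 40), "carol", "source"),
    (datetime(2024, 3, 5, 11, 5), "carol", "ledger"),
    (datetime(2024, 3, 6, 9, 30), "bob", "crm"),
]
WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed normal working hours


def stale_accounts(roster, accounts):
    """Item 4: accounts still enabled for people with a termination date."""
    return sorted(u for u, (_, term) in roster.items()
                  if term is not None and accounts.get(u, False))


def review_events(events, roster, entitled):
    """Item 3: return (user, resource, reasons) for events worth a human look."""
    findings = []
    for ts, user, resource in events:
        dept, term = roster.get(user, (None, None))  # unknown users have no department
        reasons = []
        if term is not None and ts >= term:
            reasons.append("activity after termination")
        if not (WORK_START <= ts.time() < WORK_END):
            reasons.append("odd hours")
        if resource not in entitled.get(dept, set()):
            reasons.append("resource outside department")
        if reasons:
            findings.append((user, resource, reasons))
    return findings


if __name__ == "__main__":
    print("Enabled accounts for departed staff:", stale_accounts(ROSTER, ACCOUNTS))
    for finding in review_events(EVENTS, ROSTER, ENTITLED):
        print(finding)
```

Each finding is a prompt for a conversation or a closer look, not proof of wrongdoing; an engineer working at 02:40 may simply be handling an outage.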

Defending against an insider threat can be a challenge, and some feel that this is a bit of a “big brother watching” concept. Data has become an incredibly valuable commodity. Without appropriate security measures, data is also easily accessible and transferable. Since every organization has proprietary data or access to PPI/PHI, the responsibility to protect this information falls on all of us.

If you have any questions or need some help improving your cybersecurity, please contact me at
