Overview

Identify and eliminate insider threats before they damage your business

Whether acting out of malice or negligence, insider threats pose a significant cyber security risk to all organisations. Recent research from the Ponemon Institute suggests the average cost of insider-originated incidents is almost twice that of the average breach.

While the dangers posed by insider threats are becoming more widely recognised, not enough organisations are allocating sufficient resources to mitigate the risk they pose.

Insider threats

What is an insider threat?

Insider threats in cyber security are threats posed by individuals from within an organisation, such as current or former employees, contractors and partners. These individuals have the potential to misuse access to networks and assets to wittingly or unwittingly disclose, modify and delete sensitive information.

Information at risk of being compromised could include details about an organisation’s security practices, customer and employee data, login credentials and sensitive financial records. The nature of insider threats means that traditional preventative security measures are often ineffective.

Types

Types of insider threats

Insider threats in cyber security are either malicious or negligent in nature.

Malicious insider threats result from rogue employees and contractors leaking confidential data or misusing their access to systems for personal gain and/or to inflict damage and disruption. Criminal insiders may work alone or collude with external threat actors such as competitors and hacking groups.

Negligent insider threats result from inadvertent employee errors, such as users falling victim to phishing emails or sharing data on insecure devices and USB sticks. Insider threat examples include:

Second streamers
Second streamers are current employees that misuse confidential information to generate additional income through fraud, external collusion or selling trade secrets. Gartner suggests that these account for 62% of malicious insider threats.
Disgruntled employees
Disgruntled current or former employees that commit deliberate sabotage or steal intellectual property can be among the costliest threats to organisations. Gartner’s insider threat statistics suggest 29% of criminal insiders commit theft for financial gain, while 9% are driven by a desire to commit sabotage.
Inadvertent insiders
Employee negligence is one of the most common types of insider threats. Negligent employees include users who exhibit secure and compliant behaviour but make occasional errors. Many negligent employees do not realise their mistakes until it is too late.
Persistent non-responders
Some employees, often senior executives, are unresponsive to security awareness training, consistently exhibiting behaviours that could leave them vulnerable to compromise. These users are more likely to be repeatedly targeted by social engineering scams such as BEC attacks.

Mitigation

How to mitigate the risk of insider threats

The complexity of detecting and responding to insider threats means that no single solution can claim to reduce the risk entirely. Instead, organisations should look to adopt a layered approach, encompassing a range of security controls and processes. Organisations should:

  • Conduct regular risk assessments to understand the potential impact of insider attacks
  • Provide regular security awareness training for all staff
  • Closely manage the accounts and privileges of all employees and contractors
  • Perform penetration testing at least annually to help identify security improvements
  • Commission a simulated phishing assessment
  • Implement 24/7 network and endpoint monitoring to detect anomalous behaviour

ThreatDetect™ MDR

The benefits of Managed Detection and Response

Proactive monitoring of networks, endpoints and users plays a crucial role in helping to identify insider threats. ThreatDetect™, Redscan’s award-winning MDR service, can help to identify suspicious activity, such as attempts to access systems and edit and exfiltrate data.

For a cost-effective subscription, ThreatDetect supplies the skilled security experts, cutting-edge technology and up-to-the-minute industry intelligence needed to hunt for and shut down attacks that originate from both the outside and the inside.

Our Services

Our award-winning services

Redscan’s security services are designed to provide the vital assistance needed to make tangible improvements to your organisation’s cyber security posture.

ThreatDetect MDR

Managed Detection and Response

Award-winning support to rapidly detect and respond to the latest threats 24/7


Assessment Services

Specialist engagements to uncover and address hidden cyber security risks


Managed Security Services

Expert help to manage and monitor your choice of security technologies

