
Insider threats loom larger during economic turmoil
Any time there is significant economic turmoil stemming from, for example, a trade war, there is a distinct possibility of layoffs. That, unfortunately, increases the probability that one or more disgruntled employees might consider some form of retribution involving a data security breach.
These threats can span everything from data encryption to IP theft and more. When terminating an employee, the challenge is ensuring that appropriate security controls are implemented in coordination with the human resources teams responsible for layoffs. It’s crucial to handle terminations carefully so employees aren’t unexpectedly locked out of systems.
In general, insider threats have historically been among the most challenging issues that a cybersecurity team confronts. While not usually rampant, an insider threat, given the permissions an individual might have, can be lethal. A survey of 413 security professionals conducted last year found that, for the 32% that dealt with insider threats, the cost to fully recover averaged between $100,000 and $499,000. 21% reported much steeper costs, ranging between $1 million and $2 million.
A majority of respondents (52%) also admitted they do not have the tools to confidently handle insider threats today. Another 28% acknowledged having some tools but recognized shortcomings that need to be addressed, while 6% said they lack critical tools needed for effective monitoring and protection. A total of 18% were uncertain about the tools they have or their effectiveness.
Unfortunately, cybersecurity concerns are not always top of mind when organizations are terminating employees. There can be a lot of trauma for everyone involved, so it may not always occur to anyone that the employee being terminated might engage in any rogue behavior. It’s not uncommon, for example, for someone working on a project to conclude that the output of that effort belongs to them rather than the organization that paid them to help create it.
On the plus side, many cybersecurity teams have become more adept at identifying insider threats out of necessity. Cybercriminals have been using stolen credentials that enable them to pose as an insider for months at a time before inflicting any damage. That approach enables them to slowly escalate privileges to gain access to an organization’s most sensitive data. Cybercriminals these days are not so much breaking into IT environments as they are simply logging in like any other end user. In a handful of instances, organizations have even hired IT employees only to discover later that they were operatives for a nation state.
It’s always disconcerting whenever a cybersecurity team realizes that the very individuals they have been trying to protect also represent a potential threat. The important thing to remember is that the team’s ultimate responsibility is to protect the organization that hired them from all cybersecurity threats, no matter where or how they might have emanated.