Determining the definition of insider risk to your organization is half the battle in mitigating the threat. The other half is more complicated, involving security culture, defined procedures and responses, and a little bit of technology.
Anyone with access to your organization — employee, contractor, former employee, etc. — poses a potential risk to the enterprise. A well-intentioned employee holding the door open for a stranger; a contractor getting his laptop with private company information stolen at the airport; a disgruntled cubemate posting company information on her social media platform of choice; a finance worker unwittingly giving password or computer access to a fake IT employee. The list goes on.
Insiders have always been potential risks to an organization, and yet with increased work-from-home situations and additional stressors heightened by the COVID-19 pandemic, security incidents from insiders continue to accelerate. According to the Ponemon Institute’s 2020 data, the number of reported insider incidents increased by 47% between 2018 and 2020.