
Can your organization see an insider threat coming?

How to know when an insider is about to go rogue

By Tyler Farrar

July 19, 2022

The term ‘insider threat’ is most commonly used to describe a cybersecurity incident that has been caused by an employee or a trusted third party. While the motivation for insiders varies, breaches are most often financially motivated. Insider threats are more common in certain industries, too — such as healthcare, the financial sector, and government institutions — but they can compromise the information security of any company.


There are two distinct types of insider threats — a rogue or malicious insider and a negligent insider. While many of the most highly publicized breaches were caused by external adversaries, rogue or malicious insiders knowingly and intentionally steal data. This type of threat is increasingly to blame for sensitive data loss because the insider’s behavior looks to security analysts like that of a legitimate user. These personas can range from system administrators, contractors and end users to developers, managers and executives. Insider threat detection is a major blind spot for security operations center (SOC) analysts because ‘trusted’ user behavior doesn’t set off alerts in most security tools.


Typically, a negligent insider is an average employee who has made a mistake. Often, breaches happen when an employee’s account credentials are stolen and used by external sources as legitimate keys to access and exfiltrate sensitive data like financials, patents, and customer information. This type of threat is the number one vector for data breaches, according to the Verizon 2021 Data Breach Investigations Report. 


Insider threats are particularly insidious because the risk is mostly unseen. When it comes to an employee or trusted partner using privileged access for malice, is it possible to know from their behaviors if someone is about to go rogue? Without a proverbial ‘crystal ball,’ it’s difficult to know for certain. But in this article, we will explore some behaviors that are strong indicators that a company has a potential turncoat within its ranks. 


The scale of the insider threat problem

Before we examine behaviors or preventative measures for insider threats, it’s important to understand the scale and scope of the problem. Unfortunately, the damage caused by compromised insiders continues to grow. According to a recent Ponemon study, “2022 Cost of Insider Threats: Global Report,” which is updated every two years, insider threat is now the biggest cybersecurity risk for organizations. Since 2020:

●    The number of insider-related incidents increased by 44%. 

●    67% of organizations had more than 35+ insider-related incidents per year.

●    56% of insider-related incidents were the result of negligence.

●    26% of insider-related incidents were attributed to criminal insiders.

●    18% of insider-related incidents were attributed to credential theft.

●    Companies spend an average of $15.4 million annually to contain insider-related incidents.


A motivated attacker will use any and all tactics, techniques, and procedures (TTPs) at their disposal to reach their objective. Employees and trusted third parties can easily become unwitting accomplices by falling victim to a phishing or spear phishing attack by clicking a malicious link or opening a weaponized attachment. In essence, a compromised insider helps an attacker to carry out their plans.


Conversely, when a disenfranchised employee or contractor goes rogue and helps an attacker for personal gain, the effect can be quite damaging. In either situation, if the organization is caught flat-footed or does not understand the nefarious actions taking place in plain sight, the result can be devastating. Compounding the challenges for organizations are the added risks brought on by the current remote or hybrid work culture.


Telltale behaviors that lead to insider threats

Organizations can spot or predict insider threats by observing user behavior in the workplace and online. Being proactive may allow organizations to detect potentially malicious insiders before they exfiltrate proprietary information or disrupt operations. Here are some examples of behaviors that may lead to insider-related incidents:


●    Falling productivity, frequently completing only a minimum amount of work.

●    Less willingness to commit to long-term projects.

●    A negative change in attitude or decreased focus on job matters.

●    Open expressions of dissatisfaction with their current job and/or supervisor.

●    Lost enthusiasm for the mission of the organization.

●    Decreased interest in working with customers.


Defending against the unseen enemy on the inside

Most legacy tools espouse a reactive security approach: collect data from across the organization, then run static IOC and correlation rules to generate alerts. This approach is notorious for creating false positives. The result is slow, inaccurate responses and frustrated security analysts. When an attack materializes, the team struggles to outpace the attacker.


Proactive security platforms can help to detect threats based on risk using automated, machine learning-driven analysis, also known as behavioral analytics. With a baseline of normal behavior for users and assets, security teams are empowered to respond more quickly and decisively, and to mitigate security incidents more accurately.
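The contrast between a static rule and a per-user baseline can be shown in a few lines of Python. This is an added example, not code from the article or from any product; the account names, transfer volumes and both thresholds are constructed for illustration, and a median/MAD score stands in for the machine-learning models the article refers to.

```python
from statistics import median

# Constructed sample: daily outbound transfer volume in MB per account.
HISTORY = {
    "backup-svc": [2100, 1950, 2050, 2000, 2150, 1980, 2020],
    "alice":      [18, 25, 22, 30, 15, 20, 27],
}
TODAY = {"backup-svc": 2080, "alice": 410}

STATIC_LIMIT_MB = 500  # assumed static correlation-rule threshold
Z_LIMIT = 3.5          # assumed cut-off for the modified z-score
MIN_DAYS = 5           # assumed minimum history needed to form a baseline

def static_rule(today):
    """Legacy approach: one fixed threshold for every account."""
    return sorted(u for u, mb in today.items() if mb > STATIC_LIMIT_MB)

def robust_z(history, value):
    """Modified z-score: distance from the account's own median, in MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # perfectly flat history: any change is a deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def baseline_rule(history, today):
    """Behavioral approach: alert only when an account exceeds its own normal."""
    alerts = []
    for user, mb in today.items():
        past = history.get(user, [])
        if len(past) < MIN_DAYS:  # too little history to judge
            continue
        if robust_z(past, mb) > Z_LIMIT:
            alerts.append(user)
    return sorted(alerts)

if __name__ == "__main__":
    print("static rule alerts:  ", static_rule(TODAY))
    print("baseline rule alerts:", baseline_rule(HISTORY, TODAY))
```

The static rule fires on the backup account's routine 2 GB job and stays silent on the user whose volume jumped roughly twentyfold; the baseline rule does the opposite.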


In addition to these benefits, automated risk visibility can illuminate the most common scenarios where organizations have become cyber-blind to user behavior issues. While predicting insider-related incidents is exceptionally difficult, there are things an organization can do to combat them, or prepare to limit any damage. These include security best practices that organizations can strictly implement. For example:

●    Frequent training for employees to understand and apply laws, mandates, or regulatory requirements that are related to their work.

●    Training and awareness on the steps to take to ensure that all devices they use — both company-issued and bring-your-own-device (BYOD) — are secured at all times.

●    Limiting the transmission of highly confidential data to unsecured cloud locations.

●    Ensuring that employees have access to automation for simple tasks, so they aren’t tempted to break the organization’s security policies to get work done faster.

●    Ensuring devices and services are kept patched and upgraded to the latest versions.


Insider threats are increasing in frequency, and in a work-from-anywhere business environment, they present greater risks to organizations than ever before. Through better understanding of the behaviors that potentially lead to compromise, organizations can proactively prepare to fight these threats. Using a combination of training, organizational alignment, and technology, the damage from an insider threat can be contained.

KEYWORDS: cybersecurity insider threats risk management security operations

Tyler Farrar is the Chief Information Security Officer (CISO) at Exabeam.
