WatchGuard Blog

Insiders cause 20% of data breaches

Apart from external attackers, organizations need to consider another type of threat when planning their cybersecurity strategy: insider threats. There are different types of insiders. On the one hand, there are people who have secret knowledge and unintentionally create risk openings within an organization; and on the other, there are others who intend to cause harm, motivated by profit, extortion, or personal grievance. This means insiders can be classified as follows: 

  • Accidental insiders: a person within the organization who unwittingly performs an inappropriate and potentially dangerous action. 
  • Negligent insiders: a team member who does not actively seek to harm the company but decides to take a risky and inappropriate action, hoping it will not become a threat.  
  • Malicious Insiders: an insider who intentionally acts to harm the organization.  

Verizon's Data Breach Report 2022 reveals that insiders have caused 20% of global data breaches. In addition, a Ponemon Institute study notes that, on average, it takes 85 days to mitigate an internal security incident, forcing organizations to invest more resources in prevention, detection, and remediation.

Malicious Insiders 

The Verizon report also indicates that there have been 275 incidents caused by the intentional misuse of privilege this year, of which 216 resulted in confirmed data disclosures. The incident at General Electric is a prime example of an insider threat case, where a former and current company employee stole records of a computer program and mathematical model that GE used to calibrate power plants expertly. They also downloaded thousands of files from the company's system, including some containing trade secrets, to set up their own company and compete against their former employer. 

The main motive for internal data breaches is financial (78%), although grudge (9%), espionage (8%), and convenience (6%) also feature in the report's findings. These actors, motivated mainly by financial gain, steal personal data (70%), followed by medical data (22%), both of which are easy to monetize. 

The role partners play in a proactive defense 

Cybersecurity partners are well placed to mitigate these types of attacks. To deliver the value clients need, their portfolio must include an endpoint protection solution that gives devices on the network visibility and is capable of providing threat prevention, detection and response, as well as detecting anomalous behavior by users. This solution needs to include the following features:  

  • EDR functionalities for continuous monitoring zthat block the execution of unknown processes and automate detection, containment, and response to advanced threats.
  • EPP functionality that protects against viruses, malware, spyware, and phishing. 
  • Behavioral analysis and detection of scripts, macros, etc. of indicators of attack (IoAs). 
  • URL filtering, device control, and a managed firewall. 

This endpoint protection solution must be complemented by sensitive and personal information monitoring capabilities, which help establish prevention and control mechanisms while assessing the origin and impact of a potential data breach.   

Data encryption tools are the most effective way of avoiding incurring the high costs associated with managing a data breach after the loss or theft of laptops and removable storage drives. MSPs must combine an integrated endpoint solution with encryption and data control products.  

For a cybersecurity partner, visibility is crucial when responding to alerts. Managing different solutions in a single dashboard managed from the Cloud gives MSPs a competitive advantage. According to a Pulse survey, 95% of MSPs believe they are less efficient when switching between different product interfaces. For this reason, any solutions integrated into their portfolio must simplify tasks while providing the security required by today's increasingly complex cyber threat landscape. It's time to take a proactive defense.  

Share this: