Insider Threats: The Signs You Won’t See Till You Do!

Insider threats are threats carried out by employees, and they are becoming more common. According to CA Technologies, 31% of organizations believe that insider threats cause more damage, compared with 14% who believe the damage from external threats is more acute [1]. Yet most employers do not keep a close eye on their staff. Employees in higher cadres are questioned and monitored less than middle and lower-level management staff.

CA Technologies has conducted real-time research on insider threats and has revealed interesting facts about this kind of malicious or negligent attack. A few of the key findings are as follows [1]:

The most crucial problem with an insider threat is the difficulty of locating both the intruder and the intrusion. When you doubt your own employees, they may lose trust in you. An insider can be a full-time employee, freelancer, consultant, or contractor working on a specific task. It can be anyone who has a direct or indirect connection with the organization.

According to Ponemon’s research, if the incident involved a negligent employee or contractor, companies spent an average of $283,281 as a total cost to identify the threat. The average cost more than doubles if the incident involved an imposter or thief who steals credentials ($648,845). Hackers cost the organizations represented in this research an average of $607,745 per incident [3].

5 Ways Insiders Become Threats and How to Deal with Them

Basically, there are three primary threat actors: malicious, negligent, and complacent. An insider threat is the potential for an insider to harm an organization by leveraging his or her privileged level of knowledge and/or access. It is not necessarily driven by malicious intent: it may also involve an individual who is complacent or negligent toward security policies and procedures. Broadly, insider threats are divided into the following five categories:

| Types of insiders | Problem | Signs | Solution |
| --- | --- | --- | --- |
| Disgruntled employee | Lack of recognition, long pending appraisal, less salary hike, poor management, etc. | Reduction in productivity, isolation from colleagues and managers, and agitated mood | Augment security training using technological measures; explain that privileged access will be assigned on a need-to-know basis; use DLP to prevent data loss |
| The leaver | Negligence of technical team, ineffective exit formalities | Employee joining a competitor, over-friendly with existing employees even after leaving, starting a business similar to yours | Ensure removal of access immediately after leaving, including for freelancers and business partners or their employees |
| The poacher | Loss of intellectual property | Spending extra hours on work before leaving. Difficult to find as they are backed by competitors | Change all the access credentials of crucial project details or intellectual property details, especially when a senior employee leaves |
| Unintentionally | Lack of security awareness, ignorance, or naivety | Mostly active on social media networks, accessing personal accounts from the office network | Block personal usage of official IT infrastructure, give employees behavioral training on social engineering attacks, and stress good cyber hygiene and diligence |
| Second income source | Exploiting company's resources, accessing data, and making it vulnerable | Hard to locate; appear to be productive, but the end result will be less | Technologies such as SIEM and data loss prevention measures can mitigate the impact |
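
The remedy in the "leaver" row, removing access immediately on departure for employees, freelancers and business partners alike, can be verified by reconciling the offboarding roster against account state and authentication logs. The Python below is an added example, not part of the original article; the user names, the log line format and the status values are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: user -> (insider type, last working day).
DEPARTURES = {
    "a.khan": ("employee", "2024-03-01"),
    "f.lopez": ("freelancer", "2024-03-10"),
    "partner.svc": ("business partner", "2024-02-15"),
    "m.chen": ("employee", "2024-03-20"),
}
# Constructed directory export: user -> account status.
ACCOUNTS = {"a.khan": "disabled", "f.lopez": "enabled",
            "partner.svc": "enabled", "m.chen": "disabled", "j.doe": "enabled"}
# Constructed authentication log: "<timestamp> <user> <outcome> <service>".
AUTH_LOG = [
    "2024-03-01T17:55:00 a.khan login_ok vpn",
    "2024-03-02T08:14:00 a.khan login_failed vpn",
    "2024-03-12T10:00:00 j.doe login_ok vpn",
    "2024-03-12T23:40:00 f.lopez login_ok git",
    "2024-03-21T09:02:00 m.chen login_ok mail",
]

def leaver_findings(departures, accounts, auth_log, as_of):
    """Return sorted (user, insider type, issue) tuples for departed insiders."""
    findings, cutoffs = set(), {}
    for user, (kind, last_day) in departures.items():
        # Access should end when the last working day ends.
        cutoffs[user] = datetime.fromisoformat(last_day) + timedelta(days=1)
        if as_of >= cutoffs[user] and accounts.get(user) == "enabled":
            findings.add((user, kind, "account still enabled"))
    for line in auth_log:
        ts, user, outcome, service = line.split()
        if user not in cutoffs or outcome != "login_ok":
            continue  # not a leaver, or the attempt was rejected
        if datetime.fromisoformat(ts) >= cutoffs[user]:
            # A successful login after departure means removal was late,
            # even if the account has since been disabled.
            kind = departures[user][0]
            findings.add((user, kind, f"login via {service} after departure"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in leaver_findings(DEPARTURES, ACCOUNTS, AUTH_LOG,
                                   datetime(2024, 3, 25)):
        print(*finding, sep=" | ")
```

Checking successful logins as well as current account state catches accounts that were disabled late, which a point-in-time directory export alone would miss.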

Want to Understand How to Identify Insider Threats and Suggest Strategies to Combat Them in the Long Run?

Join the Certified Ethical Hacker program from EC-Council. Certified Ethical Hacker (C|EH) aims to help you master the ethical hacking methodology that can be used in ethical hacking or penetration testing situations. C|EH is a credential that gives you the confidence of having learned the required ethical hacking skills that are highly in demand. The course comprises 20 of the most security domains along with 340 attack technologies. Modules of the C|EH train you in the five phases of ethical hacking, beginning with reconnaissance, gaining access, enumeration, retaining access, and covering your tracks. The recent version 10 of the C|EH curriculum also covers methods of vulnerability analysis, IoT hacking, and more, and it is now mapped to the NICE Framework's Protect and Defend specialty area. Modules of C|EH focus on emerging technologies such as cloud computing and artificial intelligence, the latest malware analysis, and the latest hacking tools for different operating systems.

For more details about C|EH, visit our website: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/



  1. https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=77014377USEN
  2. https://www.ca.com/content/dam/ca/us/files/ebook/insider-threat-report.pdf
  3. https://www.ponemon.org/blog/tag/cost%20of%20insider%20threats
Editor's Note:
Reviewed by JoAnne Genevieve Green, Adjunct Professor – Cyber Crimes at the University of Pittsburgh and Dawie Wentzel, Head of Cyber Forensic Investigations, Absa Group Ltd