INE security alert

Preventing the top 5 insider threats
Preventing the top 5 insider threats

Cary, NC, June 18, 2024 (GLOBE NEWSWIRE) — Internal security threats from employees and contractors, known as “insider threats,” can be just as damaging as external cyberattacks. According to a recent Ponemon Institute According to a study, the cost of insider risk is higher than ever, at an average of $16.2 million per organization, while the number of incidents increased 8% year over year to 7,343 incidents last year. These threats are difficult to detect because they come from within the organization, often from trusted individuals who have legitimate access to corporate systems.

“A proactive approach to identifying and mitigating insider threats is essential to organizations’ overall security posture,” said Dara Warn, CEO of INE security, a global leader in cybersecurity training and certifications. “We continue to see that cybersecurity training for businesses is critical to preparing employees at all levels to be the first line of defense against cyber threats. As organizations manage the complexities of growth and change, impactful, hands-on training is an important tool to mitigate insider threats.”

INE security has identified the five most common insider threats, as well as the most effective tactics to mitigate these risks.

1. Malicious insiders

Malicious insiders pose a particularly insidious risk within organizations because these individuals often have authorized access to and intimate knowledge of the company’s systems and processes, which they can exploit for personal gain, revenge, or ideological reasons. This category includes employees who deliberately engage in illegal activities, such as data theft, system sabotage, or installation of malicious software. The motivations for such actions can be complex and varied, ranging from financial incentives to workplace dissatisfaction or even coercion from external forces. These are employees who deliberately steal data, sabotage systems or otherwise harm the organization.

Prevention strategy:

  • A combination of behavioral monitoring and strict access controls, including software to detect unusual access patterns or large data transfers
  • Training sessions addressing the ethical and legal implications of data theft to deter potential malicious insiders
  • Regular audits of access to sensitive information
  • Promoting a positive workplace culture to reduce dissatisfaction

2. Compromised insiders

Compromised insiders represent important types of insider threats in cybersecurity because these individuals are often unknowingly manipulated by remote attackers to gain unauthorized access to sensitive systems and data. Sometimes insiders do not act of their own volition, but are compromised by external actors. This can be done through blackmail, social engineering, malware or even coercion, causing their login details to be stolen or misused. The danger is magnified because these employees, who have legitimate access rights, can inadvertently bypass many of the traditional security measures designed to thwart external threats.

Prevention strategy:

  • Stringent security measures, including multi-factor authentication and end-to-end encryption
  • Ongoing practical, hands-on cybersecurity training and education on the latest cyber threats and tactics used by attackers, as well as emerging tactics to mitigate cyber attacks
  • A workplace that promotes a culture of safety awareness that employees feel comfortable with

3. External suppliers and contractors

Third-party vendors and contractors present a unique set of cybersecurity challenges because they often need access to an organization’s systems to provide essential services, but this access can inadvertently create significant vulnerabilities. These external entities can become conduits for security breaches, either through direct malicious actions, but more often through negligence or inadequate security practices that expose critical systems. The integration of third-party services with business operations means that suppliers’ security measures must be as robust as those of the contracting company.

Prevention strategy:

  • Extensive due diligence and ongoing monitoring strategies that include pre-onboarding security assessments and clear contractual obligations
  • Regular audits and compliance checks using advanced security solutions such as privileged access management (PAM) and Secure Access Service Edge (SASE)
  • Provide access to training for third-party personnel to ensure cybersecurity protocols are followed

4. Negligent or untrained staff

Negligent or untrained personnel are among the most common sources of insider threats, especially because their actions – even if unintentional – can lead to significant security breaches. These employees can inadvertently release sensitive information by mishandling data, using unsecured networks, clicking phishing links, or even losing company equipment. Such mistakes often stem from a lack of awareness about the organization’s security policies or a misunderstanding about the potential consequences of seemingly small actions.

Prevention strategy:

  • Robust, mandatory training sessions that are comprehensive, engaging and accessible
  • Regular updates of training programs
  • Encourage employees to be vigilant and proactive in identifying and reporting potential security threats without fear of retaliation

5. Departing employees

Employees who leave an organization can inadvertently or intentionally take sensitive information with them and leave security gaps that can be exploited by malicious actors. They pose a clear threat to cybersecurity due to the access and knowledge they gather during their tenure, which can lead to data theft or system vulnerabilities. if this is not managed properly during the transition. Mitigating these risks is essential to detecting and preventing insider cyber threats.

Prevention strategy:

  • Immediate revocation of all access rights to corporate systems, networks and data
  • Seizure of all company property, including ID badges, keys and devices
  • Digital forensics to check the departing employee’s recent activities and verify that no unauthorized data transfers or suspicious actions have taken place
  • Ongoing threat hunting training for IT/IS staff to ensure offboarding protocols meet evolving technology standards


While technology provides crucial tools to mitigate insider threats, the human element cannot be overlooked. Verizon’s 2024 DBIR Report shows that the human element was part of 68% of breaches last year. It cannot be emphasized enough that well-trained personnel are your first line of defense against insider threats. Regular training ensures employees are aware of potential security threats and equipped to address them effectively. Combining technology solutions with comprehensive training creates a robust security posture that protects organizations from within, fostering a culture of awareness and proactiveness in cybersecurity practices.
About INE security:
INE Security is the leading provider of online networking and cybersecurity training and certification. Utilizing the world’s most powerful hands-on laboratory platform, cutting-edge technology, a global video distribution network and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for enterprise cybersecurity training, and for IT professionals who are looking to advance their careers. Offering unparalleled depth of expertise in cybersecurity, INE Security’s range of learning paths aims to provide cutting-edge technical training while lowering barriers globally for those looking to embark on and excel in an IT career.

CONTACT: Press Team
INE Security
[email protected]