Last year, a Canadian bank suffered a data breach that affected some 2.7 million people and around 173,000 companies. The stolen information included names, addresses, dates of birth, social insurance numbers, email addresses and information on customers’ transaction habits. The culprit of this breach? A malicious insider.
According to the Ponemon Institute’s Cost of a Data Breach Study, along with hackers, malicious insiders are the leading cause of data breaches. What’s more, incidents caused by insiders tend to have larger costs than other breaches.
The cost of an insider is on the rise
The Ponemon Institute has published a report called 2020 Cost of Insider Threats: Global, in which it reveals a series of eye-opening statistics about insider threats. For the study, researchers interviewed 964 IT and IT security practitioners in 204 organizations in North America, Europe, Middle East & Africa and Asia-Pacific.
The most striking figure is the increase both in the frequency and the cost of incidents of this kind: over the last two years, the number of incidents has increased 47%. What’s more, a staggering 60% of organizations suffered over 30 incidents per year.
Over the same period, the cost of these incidents has increased by 31%: the average cost of an insider is now $11.45 million (€10,361,792) per year. Among the organizations surveyed, there were 4,716 incidents caused by internal threats.
Not every insider is the same
To differentiate between the different kinds of insider threats, the researchers divided them into three categories: unintentionally negligent employees or contractors; credential thefts leading to unauthorized access to applications and systems; and malicious insiders who intentionally damage the organization from within.
Of these three profiles, credential thefts are the most harmful, with an average cost of $871,000 (€788,220—three times more costly than a negligent insider. This case makes up 25% of insider incidents, which means they have an annual cost of $2.7 million (€2,443,068).
Negligent employees or contractors are by far the most common kind of insider, making up 62% of insider incidents, with an average per-incident cost of $307,111. Because of how frequently they occur, negligent insiders have a high annual cost: an average of $4.58 million (€4,144,991).
Malicious insiders are the least frequent—only 14% of incidents involve this kind of insider. However, this doesn’t mean that the financial repercussions are insignificant: the average per-incident cost is $756,000 (€684,195), with annual losses of 4.08 million (€3,692,481).
Time plays an important role
With many cyberthreats, time is a crucial element, and insiders are no exception. The report discovered that the longer an insider threat is on the system, the more it costs to resolve it. Incidents that took longer than 90 days to resolve cost an average of $13.7 million per year (€12,391,517), while those that took less than 30 days had an average cost of $7.12 million (€6,439,971), a significant difference.
However,the results of the study show that many companies will have to deal with hight costs because of the time taken to respond to an incident: the average time to contain an insider is 77 days, while only 13% are contained in under 30 days.
The size of the company matters
Another important factor in determining the cost of an incident is the size of the organization: large organizations (over 75,000 employees) spent a yearly average of $17.92 million (€16,208,466) on containing insiders, compared to $7.68 million (€6,946,486) spent by organizations with fewer than 500 employees.
How to avoid insiders
To avoid this kind of incident, it is important to follow a series of vital measures. One of the most important steps is to limit the number of users with privileges and access to sensitive information. If an employee doesn’t need to have access to this kind of information in order to do their work, it is better to restrict what they can see, and thus avoid improper access.
Similarly, it is important to raise employee awareness about the risks they could face. Given that negligence is the leading cause of insider incidents, it is essental to teach employees about the importance of taking care of their passwords or not sending sensitive information to incorrect email addresses.
Another essential measure in any strategy are advanced cybersecurity solutions. Panda Adaptive Defense proactively monitors absolutely all activity on the IT system, including legitimate processes. This way, if anyone is using a legitimate process to carry out malicious activities, Adaptive Defense can stop the process.
Insiders may seem like an unstoppable threat, given that they come from inside the organization itself. However, with an appropriate strategy and an advanced cybersecurity solution, your company will be safe from all threats, be they internal or external.