How to Deal With an Inside Security Threat

September 09, 2021

Insider threats in cyber security are a major problem for all companies. Cybercrimes are at an all-time high, and criminals aren't just targeting the big multinational corporations. Small and mid-size businesses are increasingly the victims of insider attacks. A 2020 Insider Threat Report from Cybersecurity showed that over the last 12 months, 70% of organizations have experienced one or more insider attacks, and these attacks are damaging - costing companies $300,000-$900,000 on average and almost two months to contain each one. Given how high the risk is and how much an attack can cost, all companies should be working to learn how to prevent insider threats.

What are these threats?

When we think of cyber-attacks, we often imagine some technology genius sitting in a dark room, writing complex code to hack into sensitive systems. These external threats, posed by an outsider trying to force entry into your data, may be real, but there is another, much more common threat you should also be aware of.


An insider cyber security threat is any threat to a business by current or former employees. These threats can be especially dangerous because the people behind them are often the ones you least suspect, and because the attacks can be so easy to carry out. There's no need for technical expertise and no hours of struggling to gain access. In fact, something as simple as sending an email can be an internal threat to your information security.

Different types

An insider threat to cyber security is one of the hardest attacks to detect, because the people who are perpetrating it are the very people you are supposed to be able to trust. The first step to stopping it, then, is for your internal security department to understand the different types of insider threats, so that you can detect and prevent them from the beginning.


There are several types of people who may pose an internal threat to your cyber security. The three most common make up 99% of internal threats. They are: imposters, malicious insiders, and mistake-makers.

Imposters - 14% of incidents

Imposters are more like the classic external enemy. They are not actually a part of your organization, but have somehow gotten their hands on the credentials of one or more of your employees. They are then able to access your systems and mine your data. While these are the more traditional cyber attackers, they have found a way to operate from the inside, and because of that, they can be very dangerous and difficult to catch.

Malicious insiders - 23% of incidents

Malicious insiders, also called turncloaks, are employees, former employees, contractors, or other partners who are abusing their legitimate access to sensitive information for their own purposes. Often, these are disgruntled employees who may be looking for ways to hurt your company or to leverage some personal gain out of the job they are doing. Most cyber-attacks are motivated by money. In 2019, 71% of all breaches were driven by money, and 34% of all breaches were by insiders. Edward Snowden, who used his privileged access to make sensitive and secret information from American intelligence agencies public, is just one of many examples of an insider security threat by a malicious insider.

Mistake-makers - 62% of incidents

By far the most prevalent type of insider security threat is the mistake-maker, also called a pawn. Mistake-makers have no intention of causing a security breach and do not want to harm your company. They are simply employees, contractors, or partners who inadvertently expose your sensitive information to the public or to an external malicious operator. Insider threat examples from pawns could be falling for a phishing scheme, losing a laptop with sensitive information on it, or accidentally emailing sensitive information to the wrong people. While there are many ways that a mistake can be made, the result is the same - your sensitive data is compromised.

How to manage it or prevent it

By now, you are probably wondering how to prevent security threats. The answer is that it's not easy. You must be proactive in developing a plan, and be willing to devote resources to the prevention of insider security threats.

Step 1. Identify sensitive assets

Before you can protect your company from insider cyber threats, you first have to identify where you are at risk. Determine what your most valuable assets are and where they are. Then see who has access to them, why, and how often they are being accessed. Finally, create a plan to monitor when these assets are accessed and by whom. That way you will be able to identify any abnormal behavior around them quickly.

Step 2. Develop a formal threat plan

You don't want to wait until you've been the victim of a cyber security threat to have a response plan. You need to create a formal threat plan that includes the continuous review of all of your security assets and programs, to ensure that you always have the right processes in place and the best technologies and partnerships to always be able to detect and prevent insider threats.

Step 3. Continuously monitor behaviors

The only way to prevent insider security threats is to continually monitor your cyber systems. You need to know who has access to sensitive information, and you need to be able to identify when any behavior becomes suspicious or abnormal.
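Steps 1 and 3 can be combined into a simple check, shown here as an added example that is not part of the original article: it builds a per-user baseline of access to the assets marked sensitive, then flags first-time access, access at an unusual hour, and a daily volume spike. The asset names, users, log format and thresholds are all assumptions, and the log lines are constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime
# Sensitive assets identified in Step 1 (hypothetical names).
SENSITIVE = {"payroll.db", "customer_export.csv"}
# Constructed access logs (timestamp user asset); not from a real system.
BASELINE_LOG = """\
2021-09-01T09:15:00 alice payroll.db
2021-09-01T14:02:00 alice payroll.db
2021-09-02T11:00:00 bob customer_export.csv
2021-09-03T15:20:00 bob customer_export.csv
"""
REVIEW_LOG = """\
2021-09-06T09:20:00 alice payroll.db
2021-09-06T10:05:00 carol payroll.db
2021-09-06T23:41:00 bob customer_export.csv
2021-09-07T10:00:00 bob customer_export.csv
2021-09-07T10:01:00 bob customer_export.csv
2021-09-07T10:02:00 bob customer_export.csv
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, user, asset = line.split()
        if asset in SENSITIVE:  # only monitor what Step 1 marked sensitive
            yield datetime.fromisoformat(ts), (user, asset)

def build_baseline(log):
    """Per (user, asset): hours of day seen and the peak daily access count."""
    hours, daily, peak = defaultdict(set), Counter(), Counter()
    for ts, key in parse(log):
        hours[key].add(ts.hour)
        daily[key, ts.date()] += 1
        peak[key] = max(peak[key], daily[key, ts.date()])
    return hours, peak

def find_anomalies(baseline_log, review_log, slack_hours=1, volume_factor=2):
    hours, peak = build_baseline(baseline_log)
    alerts, daily = [], Counter()
    for ts, key in parse(review_log):
        if key not in hours:  # this user never touched this asset before
            alerts.append((ts.isoformat(), *key, "first-time access"))
            continue
        # Simplification: hour distance does not wrap around midnight.
        if all(abs(ts.hour - h) > slack_hours for h in hours[key]):
            alerts.append((ts.isoformat(), *key, "unusual hour"))
        daily[key, ts.date()] += 1
        if daily[key, ts.date()] == volume_factor * peak[key] + 1:  # alert once
            alerts.append((ts.isoformat(), *key, "volume spike"))
    return alerts
```

Calling `find_anomalies(BASELINE_LOG, REVIEW_LOG)` returns one alert of each kind for the sample data; an alert is a prompt for review, since a mistake-maker and a malicious insider can produce the same pattern.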

How Vector Choice can help

Preventing insider cyber security threats before they happen can save you hundreds of thousands of dollars and months of work, but it isn't easy.


Even when you have an IT department with the knowledge and skill to monitor for these threats, the monitoring can become so time-consuming that they may struggle to also keep up with the day-to-day IT work you need to keep your business running. That's why Vector Choice is here to be your cyber security partner.


We specialize in keeping you safe. We'll work with your management and IT teams to create the perfect security plan for your business, and we'll make sure that everything is running safely and smoothly. Request a consultation today, and let us keep you safe from insider cyber threats.