Email DLP, Insider Risks
Tessian • Tuesday, March 22nd 2022
Insider threat management is something every security leader should have a plan for. Why? Verizon’s 2022 Data Breach Investigations Report found that 82% of data breaches involved a human element, whether by exposing or exfiltrating data directly or by making a mistake that enabled cyber criminals to access the organization’s systems.
Digital insider threats can be incredibly disruptive, and can see your data, IP or other sensitive company information leave your organization with just a few clicks. That can mean maliciously exfiltrating information for some sort of financial gain, or simple carelessness, such as negligently sending something to the wrong person.
Different types of insider risks
Malicious insider risks: According to the Ponemon Institute’s Cost of Insider Threats Report, malicious insider risks accounted for 13.8% of insider threats in 2020. Malicious insiders usually attempt to exfiltrate critical company data, such as customer records, sales information, intellectual property, or financial records. The type of data stolen often depends on the individual’s circumstances.
If they’re leaving for a rival firm, they might take sales information or internal pricing intel to sweeten their arrival at the new role. Sometimes the gain is monetary: selling company intel to third parties or even nation states. And finally, there’s good old-fashioned vengeance: disgruntled employees who’ve been let go from a company but still have access to systems can sometimes resort to sabotage. See real examples of malicious insider risks here, as well as how to stop them.
Negligent insider risks: The Ponemon report cited above found that negligent insiders are the most common type of threat, accounting for 62% of all incidents. After all, not everyone has malicious intent, but everyone is capable of making a mistake on email. While both types of insider risk are dangerous, malicious insider threats can sometimes be much harder to detect, as employees try to cover their tracks. So how common are misdirected emails? Tessian’s own research reveals that, on average, 800 emails are sent to the wrong person every year in companies with around 1,000 employees. This is 1.6x more than IT leaders estimate.
There’s also a blend of the two, where someone knowingly sends information out of the company, but misguidedly believes they’re allowed to do so, for example, wanting to work on something over the weekend. While not malicious in the traditional sense, it’s still probably a breach of company policy.
What makes responding to any insider risk difficult is that they’re often hard to detect. And while you might have locked down laptops, USB ports and filing cabinets, there’s always email. Email is the primary way nearly every company communicates with its customers, suppliers, and partners. The average worker receives over 100 emails a day, and sends around 40.
Stopping insider threats by email is made harder because employees often have legitimate access to systems and data, as well as the means to exfiltrate it via email. Indeed, for some teams like finance, moving data in and out of the organization via email is a large part of their actual job. Stop that and you stop the business from functioning.
It’s important to understand insider threat types. By exploring the different methods and motives, security, compliance, and IT leaders (and their employees) will be better equipped to detect and prevent insider threats before they lead to a data breach.
What’s noteworthy about any insider threat is the human aspect. People make mistakes, either knowingly or accidentally. But with intelligent cloud email security that understands human behavior, identifies and surfaces unusual patterns, and increases visibility for security teams, organizations can begin to tackle insider threats head-on, save time, and stop simple mistakes or malicious intent from turning into full-blown incidents.
Related Posts
Autocomplete Mistake on Email
Tuesday, March 12th 2019
Unauthorized Emails: The Risks of Sending Data to Your Personal Email Accounts
Tuesday, April 27th 2021
Email Security: Best Practices and Tools to Lock Down Email
Monday, November 9th 2020
Insider Threat Indicators: 11 Ways to Recognize an Insider Threat
Tessian • Friday, June 12th 2020
Email Data Loss Prevention (DLP) and Insider Threats within organizations are critical areas of concern in today's cybersecurity landscape. My expertise in this field stems from years of working directly with companies to mitigate risks associated with insider threats and protect sensitive information from unauthorized access, inadvertent exposure, or intentional exfiltration.
Firstly, let's address the concept of insider threats. These threats involve individuals within an organization exploiting their access or knowledge to compromise data security. The Verizon 2022 Data Breach Investigations Report highlighted that a staggering 82% of data breaches involved a human element. These incidents could range from employees mistakenly sending sensitive data to the wrong recipient (negligent insider risks) to intentional data theft by disgruntled employees or those leaving for rival firms (malicious insider risks).
Malicious insider risks, accounting for about 13.8% of insider threats, are particularly concerning. These threats involve deliberate attempts to exfiltrate critical company data, which could include customer records, intellectual property, or financial information. The motivations behind these actions can vary, from monetary gain by selling company intel to even acts of vengeance.
On the other hand, negligent insider risks, constituting 62% of incidents, are more common but often arise from human error rather than malicious intent. These errors result in misdirected emails or unintentional sharing of sensitive information.
Understanding and mitigating these risks is difficult because they're often hard to detect. Employees with legitimate access to systems and data, particularly through email, pose a substantial risk. The sheer volume of emails exchanged daily further complicates the issue. For instance, Tessian's research revealed that in companies with around 1,000 employees, an average of 800 emails per year are sent to the wrong person.
Detecting and preventing insider threats requires a multifaceted approach. It involves implementing intelligent cloud email security systems capable of recognizing unusual behavioral patterns, increasing visibility for security teams, and flagging potential risks. Educating employees about the significance of handling sensitive data and adopting best practices for secure communication via email also plays a pivotal role.
Articles on Insider Threat Indicators, Unauthorized Emails, Autocomplete Mistakes, Best Email Security Practices, and Real Examples of Insider Risks offer valuable insights into the complexities and solutions associated with mitigating insider threats. These resources delve into identifying warning signs of insider threats, the risks of unauthorized data transfers, common mistakes made in email communication, and best practices and tools to secure email exchanges.
By combining technological solutions, employee education, and a comprehensive understanding of the motives behind insider threats, organizations can significantly enhance their security posture against these increasingly prevalent risks.