Dealing With The Insider Threat

As cybersecurity professionals, we spend a lot of time and effort keeping outsiders off our network, and out of our servers and information repositories.  The good news is that today’s defensive solutions work pretty well, and we are largely successful defending against threats from outside the network perimeter.

Insider threats are a bigger concern.  There have been several high-profile insider breaches, including the AWS breach by former employee Paige Thompson.  Her insider attack affected at least 11 other businesses, including Capital One.  Another recent case is that of Yahoo employee and engineer Reyes Daniel Ruiz, who hacked 6000 Yahoo accounts.

The insider is usually a coworker, trusted business partner, or contractor at the company.  They already have user credentials and permissions to parts of the network.  This makes them particularly tough to defend against, since we expect them to be there, and they have permissions to be there.

The main avenues where company information is breached are services such as:

  • Social networks such as Facebook and LinkedIn.
  • Personal email accounts.
  • Cloud-based file storage such as OneDrive, Google Drive, Dropbox, and Box.
  • USB keys and external drives.

Employees or even managers may also inadvertently cause loss of company information by opening phishing links or attachments.

Departing employees often feel entitled to take company information with them when they leave, especially if the information is something that they created or handled routinely in their job role.

Prevention can include:

  • Blocking popular public email services such as Gmail and
  • Blocking or filtering social network sites.
  • Starting a data loss prevention program.
  • Making employees aware that your company is on the lookout for unauthorized information transfers, unusual amounts of file access, and file copying.
  • Blocking USB ports in the BIOS if you can.
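
One way to watch for the unauthorized transfers and unusual amounts of file access mentioned in the list above, as an added example that is not part of the original post. The log format, thresholds, and host watch list are assumptions, and the sample rows are constructed.

```python
import csv, io
from collections import defaultdict
from statistics import median

# Illustrative watch list for the channels named above (assumption, tune per site).
WATCHED = ("mail.google.com", "drive.google.com", "onedrive.live.com",
           "dropbox.com", "box.com")
UPLOAD_LIMIT = 50_000_000   # bytes per user per day to watched hosts (assumed)
READ_FACTOR = 5             # alert when reads exceed 5x the user's median (assumed)
# Constructed daily summary rows, not real logs: day,user,event,target,value
SAMPLE = """\
2024-03-04,alice,file_read,fs01/finance,40
2024-03-05,alice,file_read,fs01/finance,35
2024-03-06,alice,file_read,fs01/finance,45
2024-03-07,alice,file_read,fs01/finance,900
2024-03-07,alice,web_upload,www.dropbox.com,120000000
2024-03-04,bob,file_read,fs01/eng,200
2024-03-05,bob,file_read,fs01/eng,220
2024-03-06,bob,file_read,fs01/eng,210
2024-03-07,bob,file_read,fs01/eng,230
2024-03-07,bob,web_upload,mail.google.com,2000000
2024-03-07,bob,web_upload,notdropbox.com,900000000
2024-03-07,carol,usb_write,E:,700000000
"""

def watched(host):
    # Match the domain itself or a subdomain, never a mere string suffix.
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def find_alerts(log_text, today):
    reads = defaultdict(lambda: defaultdict(int))   # user -> day -> files read
    uploads = defaultdict(int)                      # user -> bytes uploaded today
    alerts = []
    for day, user, event, target, value in csv.reader(io.StringIO(log_text)):
        if event == "file_read":
            reads[user][day] += int(value)
        elif day == today and event == "web_upload" and watched(target.lower()):
            uploads[user] += int(value)
        elif day == today and event == "usb_write":
            alerts.append((user, "usb_write", int(value)))
    alerts += [(u, "upload_volume", b) for u, b in uploads.items() if b > UPLOAD_LIMIT]
    for user, days in reads.items():
        history = [n for d, n in days.items() if d < today]
        # Require some history so a new account is not judged against nothing.
        if len(history) >= 3 and days.get(today, 0) > READ_FACTOR * median(history):
            alerts.append((user, "file_read_spike", days[today]))
    return sorted(alerts)

if __name__ == "__main__":
    print(*find_alerts(SAMPLE, "2024-03-07"), sep="\n")
```

Comparing each user against their own history keeps a heavy but consistent user such as bob from alerting, while alice's jump from about 40 files a day to 900 stands out.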

These are a few ways that the insider threat can be mitigated in your organization.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
