Optistar uses cookies to make our website work properly and to provide the most relevant content and services to our clients and site visitors.


How Does An Employee Become An Insider Risk?

January 28, 2022

Insider Risk – A Constant That Must Be Accounted For In Any Security Plan

In the course of their work, employees are frequently faced with making decisions that can positively and negatively impact their company’s security. That’s why insider risk is a constant that must be accounted for in any security plan.  Insider risk was up by more than 40% in 2021. While insider risk is not something that can be eliminated completely, it can be mitigated. Businesses can uncover potential trouble spots and take action to smooth them out before they become problems if they know where to look. These five actions by employees can indicate the presence of an insider risk that needs to be mitigated quickly to avoid bigger trouble.  

How Do Employee Actions Generate Risk? 

More than 60% of cyberattacks in 2021 could be attributed to insiders. That is not a problem that will ever go away. As long as human beings are doing the work at a company, they will make missteps or take actions that harm the company whether they mean to or not. Accidental insider risk is just as harmful as malicious insider risk, and sometimes even worse. While some insider risk can be chalked up to the cost of doing business, other factors can be controlled – and smart businesses are making spotting those potential trouble spots a priority. 

Mistakes & Accidents 

Human beings will inevitably make mistakes. That’s why the number one cause of a data breach never changes: it’s always human error. Even your most conscientious employees will make security blunders like sending someone the wrong file. Human error is responsible for an estimated 90% of security breaches according to IBM’s X-Force Threat Intelligence Index. 

Social Engineering 

Today’s sophisticated phishing scams can be hard for even a seasoned professional to see through. Employees who are not educated on risks are prime targets for social engineering, especially if they are fearful of the repercussions of missing a message or asking for help. Over 65% of accidental insider threats come from phishing attacks

Inattention & Neglect  

Employees can be inattentive to security protocol when they’re stressed, rushed, overwhelmed or just confused. Those mistakes are understandable. But employees can also be inattentive to security protocol because they just don’t take it seriously, and that is a problem. Negligent employees create over 60% of security incidents. 

Credential Mishandling 

Credential misuse is one of the fastest ways for a company to have a data breach. Employees that are writing down passwords on sticky notes or sharing administrator passwords to eliminate bothersome approval steps are putting their company’s data security in danger. An estimated 70% of SMBs had employee passwords compromised in the last year. 

Malice & Revenge 

A disgruntled employee can wreak havoc fast. Beware of employees taking data with them when they leave or selling their still functional access credentials on the dark web. Malicious actors can also directly unleash a cyberattack by deploying malware themselves. Malicious insider actions are responsible for an estimated 25% of confirmed data breaches

Don’t Forget About Insider Risk Created by Remote Workers 

As the global pandemic continues to impact everyone, many companies are realizing that they will be supporting remote and hybrid work for much longer than they were anticipating. About 90% of IT executives in an IBM survey of remote workforce cybersecurity trends believe remote workers pose a security risk in general, and more than half believe that remote employees pose a greater security risk than onsite employees. Remote workers can more easily take actions like downloading data, selling passwords, accessing systems and data that they shouldn’t, connecting unauthorized devices to company networks and more. Remote workers are also significantly more likely to fall for phishing attacks.  

For many organizations, that means that the ad hoc security measures that they put in place in early 2020 are less of a temporary solution and more of a permanent necessity. More than 70% of respondents to a recent survey of IT leaders projected that at least one-third of their employees will remain remote for the next 18 months. In fact, Gartner reports that 85% of company leaders say that they plan to allow employees to continue remote or hybrid work permanently – which means that elevated insider risk because of remote workers is here to stay too.  

Zombie Accounts Can Also Come Back to Bite Businesses 

Old yet still active user accounts are insider risks that businesses may overlook. IT teams must be vigilant about cleaning up and deactivating old user accounts and permissions as well as removing accounts for employees who have been terminated immediately. If they are not, those zombie accounts offer malicious insiders an excellent opportunity to strike even if they no longer work for the company. Vengeance from disgruntled former employees is a major danger. Over 90% of malicious insider incidents are preceded by employee termination or layoff, and if that employee still has a valid access credential they can wreak havoc quickly. 

Zombie accounts are a serious data breach risk. Stolen data like sensitive client information, payment card data, records and proprietary information is very valuable, and it’s not hard to sell it in the booming dark web markets. Employees who are on their way out the door are one of the biggest risks in this department. An estimated 45% of employees download, save or send work-related files before they leave their job. Former users can also sell their access, opening companies up to intrusion by cybercriminals who have purchased a password for an old user account on the dark web. Stolen legitimate network credentials go for an estimated $3,000 to $120,000 depending on the company and level of privilege on the account. 

Smart Solutions Can Mitigate Insider Risk 

Companies are quickly realizing that if they want to mitigate things like insider risk and bolster their cyber resilience to prevent future trouble, they need to ensure the solutions they are relying on offer both great value and great functionality.  

Dark Web Monitoring 

If employees are going to sell access, data or other valuable information, they will be selling it on the dark web, where they can make a pretty penny. Our Dark Web monitoring enables companies to keep an eye on credential compromises from the inside. Monitoring employee passwords, business and personal credentials, domains, IP addresses and email addresses is a proactive approach to mitigate business threats. 

Security Awareness Training 

Organizations that regularly conduct security awareness training have up to 70% fewer cybersecurity incidents. Give employees the tools that they need to spot and stop insider threats, avoid cyberattacks like ransomware, and maintain compliance with security awareness training that can be tailored to suit the needs of your unique business with Optistar’s Security Awareness Training.

For more information on Optistar’s array of security services to mitigate the risks your business is facing, contact us at ask@optistartech.com today! 


— ID Agent



Back to Insights
Sign up for More Insights