
We often think of cyber threats as coming from a random hacker or an anonymous criminal. However, current and former employees who have intimate and valuable knowledge about a company are also capable of committing cyber crime. While researching insider threats, I found slight variations regarding what is or is not considered an insider threat.

The first variation or "school of thought" is that there has to be malicious intent. According to the US-CERT, an insider threat occurs when a current or former employee, contractor, or business partner who has or had authorized access to an organization’s network, system, or data intentionally misuses that access to commit cyber crime.

The second variation or "school of thought" is that intention doesn't matter; if the threat comes from inside, it's an insider threat. A negligent employee who accidentally causes a data breach is considered an insider threat. The Ponemon Institute and IBM fall under this school of thought.

As far as which definition is "correct," I'll let you decide for yourself. Regardless of what you want to call it or how you want to define it, your own employees are a serious threat to your business.


According to a 2018 study:

  • 64% of cyber crime incidents were caused by insider negligence.
  • The average yearly cost of accidental insider threats is $3.81 million.
  • The average yearly cost of malicious insider threats is $4.95 million.
  • It takes an average of 73 days to contain a cyber crime incident.


Unless you have 73 days and a few million dollars to spare, start utilizing these practices to lower your risk of becoming a victim of insider threats.

Best Practices for Mitigating a Malicious Insider Threat:

  • Implement strict password and account management policies and practices.
  • Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
  • Ensure that sensitive information is available to only those who require access to it.
  • Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
  • Develop a formal insider threat mitigation program.
  • Never send sensitive information through email.


It's also important to train your employees to recognize some common behavioral indicators of malicious threat activity among their colleagues. The US-CERT has identified the following behavioral indicators:

  • Remotely accesses the network while on vacation, when sick, or at odd times during the day.
  • Works odd hours without authorization.
  • Unnecessarily copies material, especially if it is proprietary or classified.
  • Expresses interest in matters outside the scope of their duties.
  • Shows signs of drug or alcohol abuse, financial difficulties, gambling, illegal activities, poor mental health, or hostile behavior.


Along with the practices above, educating your employees is the best thing you can do to prevent any type of insider threat. Make cyber security training mandatory for all employees. (If you're a Computerbilities client, we offer free cyber security training and will even provide lunch!)

If you're slightly overwhelmed and a little freaked out about the information above, no worries. We can actually implement all of the best practices for you. It's obviously up to you to be cautious, watch what you send in emails, and report anything suspicious, but we can handle all of the other stuff so you can simply focus on your business.


Call us today if you're worried about insider threats and want to schedule a FREE Cyber Security Assessment. We work with small to medium businesses in Raleigh, Cary, Durham, Apex, Clayton, Wake Forest, Chapel Hill, Holly Springs, and surrounding areas. Call today: 919-469-5060.