Comcast Ventures Blog


Comcast Ventures Blog

How to avoid becoming the next insider threat victim

Comcast Ventures  |  April 7, 2016  |  By

Five years ago, the term “insider threat” was not commonplace. Today, it’s almost everywhere. As cybersecurity has become a more popular conversation piece, the term “insider threat” has risen in the ranks with it. So what is an insider threat?

Insider threats can be broken down into two categories – malicious and non-malicious. Malicious insiders are people, such as employees and third party contractors, who have access to a company’s sensitive data, and purposefully try to compromise it. For example, an employee who is planning to leave a company to start a competing business may steal a private client list to get a jump start. Non-malicious insiders are individuals who unknowingly elevate their employer’s risk of getting breached. For example, an employee may send sensitive corporate information to her private e-mail account and not realize she is violating her employer’s security policy. Non-malicious insider threats are by far more prevalent than malicious ones. When analyzing the behaviors of more than a million users nationwide, our Bay Dynamics experts found that in approximately 90 percent of incidents–where employees leak sensitive data outside an organization – the employees are legitimate users who innocently send out data for business purposes.

As insider threats have become more commonplace, the way businesses secure their information has shifted. In the past, most businesses took an “outside-in” approach to security meaning they set up security protection tools to thwart outside criminals from attacking their organization. Nowadays, businesses are taking an “inside-out” approach meaning they are looking at how the people who connect to their network are behaving and whether they are exhibiting risky or unusual behavior that may indicate an attack in progress or lead to one down the road. They are using analytics software to make sense of their data and create profiles about how each individual insider behaves daily. This includes how they access corporate information, what information they have access to, when they connect to the network, who they typically interact with and other daily actions. If they see an insider do something that’s risky, they can work with the person to fix it. The goal of this approach is to change behaviors organization-wide so that the overall cyber risk level decreases and any lurking criminals move on to an easier target.

Many users are part of an uneducated workforce when it comes to information security and therefore are putting their organization at risk of a breach. When they are called out by their employer, close to 80 percent of the people who are exhibiting risky behavior (i.e. visiting high risk websites such as gambling, pornography and others) make changes so that they are more security-conscience. The statistics show that for the most part, insiders want to do the right thing, they just need guidance on how to do it. As we have seen from the slew of data breaches during the past several years, the damage to a company can be significant – brand damage, loss of customer trust, financial damage, lawsuits and in some cases, shut down a business entirely.

–By Feris Rifai, CEO and co-founder of Bay Dynamics

Back to top