Point of View

Security leaders must combat the enemy within

Our research shows that internal employees are the most likely source of data loss at an enterprise. As well as dedicating time and resources to build better defenses against external threats, security leaders must therefore also focus on mitigating internal threats.

 

External versus internal threats: a major perception gap spells trouble

 

Accenture and HFS published research in 2016 revealing that most enterprises perceived outsiders to be their greatest threat over the next year and a half—which, according to fresh HFS research this year, differs from reality (see Exhibit 1).

 

Exhibit 1: Insider threats are more prevalent, yet less feared, than outsider threats in 2016 and 2018   

 

 

Source: Data from Accenture and HFS Research “The State of Cybersecurity and Digital Trust” 2016 survey (N= 208) and HFS 2018 security survey (N= 300)

N.B. HFS conducted both surveys, which both included worldwide security professionals of enterprises, but not all the respondents were the same.

 

In many cases, insider threats manifest in complex ways. Insiders can be anyone with authorized access to your data or network. They can be current or former employees, but also contractors, service providers, and partners. Often, insider breaches are not malicious and can simply be due to negligence or honest mistakes. The Ponemon Institute 2018 Data Breach Study found that 27% of all breaches globally were due to careless errors by employees or contractors. External threats tend to be more obviously malicious and executed by hacktivists and organized crime-sponsored professionals.

 

The call is coming from inside the house

 

The HFS 2018 survey revealed that for most industries, the bulk of threats came from within the enterprise, but not to the same extent (see Exhibit 2). This variation isn’t surprising given the different pressures each industry faces. Retail experienced more internal threats than external by a considerable margin. The large quantity of customers’ confidential data that retail firms process can open them up to a significant internal threat. A recent internal breach was exposed at UK-based retailer Morrisons, where an employee stole the data of 100,000 staff, including salary and bank details. Insiders can steal data with ease as they often already have access to sensitive information. In the 2016 survey, the one industry that faced more external than internal threats in the previous 12 to 18 months was the banking and financial services (BFS) industry. The BFS industry has always been one of the highest spenders on security services, and we expect enterprises in this industry to have stringent internal security policies and controls.

 

Exhibit 2: Most industries experience more internal threats than external threats

Source: HFS 2018 security survey (N= 300)

 

Not one industry expected that the risk of internal threat in the next 12 to 18 months would be greater than their risk of an external threat, even when this was what they had experienced in the past. We can see this huge underestimation of internal threat particularly for the transport, consumer products and goods (CPG) and retail, and energy and utility industries, which all experienced more internal threats than external but predicted the opposite.

 

We saw a similar story by regions, as illustrated in Exhibit 3.

 

Exhibit 3: Almost all regions experienced more internal threats than external threats

Source: HFS 2018 security survey (N= 300)

 

The Bottom Line: Don’t ignore the bogeyman inside the house – beef up internal security

 

Recent HFS research has revealed that over the past four years, insiders have been the leading source of data theft and data corruption. You must understand the ongoing threats from internal employees and your supplier ecosystem. You are only as secure as your weakest link.

 

Don’t let an insider threat be your blind spot:

  • Ensure you revise, update, and effectively communicate your security policy to all employees, throughout their tenure. Also, make sure that employees who leave understand their ongoing privacy obligations. This helps to reduce the risk of any careless errors.
  • Closely control who can access data and what activities they are permitted to perform. Revoke permissions as soon as an employee leaves employment, and wipe their devices. Insider threats often come from employees who have handed in their notice or are being let go and take information with them, although they don’t always do this with malicious intent.
  • Effectively monitor your network to detect and prevent any insider breaches. If you have adequate knowledge, time, and skilled resources, you can do this in-house. Otherwise, consider using a security service provider for guidance and outsourced services. Leading-edge technologies such as AI can enhance threat intelligence and threat detection services. One such example is Darktrace, which can model normal employee behavior and filter all anomalies to detect data theft.
  • Don’t let insider threat be taboo in your boardroom and within your security strategy. As the security lead, make sure you have a seat at the executive table.
