
One of the Most Serious Cyber Threats Could Be on Your Payroll

(February 23, 2021) Organizations are right to be concerned about shadowy hacking groups and state-backed cybercriminals who seek to commit fraud and extortion, steal data, and disrupt business. However, one of the most serious cyber threats could be on your payroll.

This is not to suggest that you’ve somehow hired a hacker. Nevertheless, insider cyber threats are a very real risk to every organization.

Many people think of an insider cyber threat as an employee who purposely steals data or sabotages systems. Unfortunately, those incidents do occur. However, a recent study by the Ponemon Institute found that 62 percent of insider incidents involved “human error” or “negligence.” Users unintentionally mishandled sensitive data or violated company security policies with “workarounds” that bypassed IT processes.

Combating insider threats has become more difficult with the transition to remote work. Work-from-home employees are more likely to unknowingly engage in risky behaviors. A July 2020 Trend Micro study found that 56 percent of users access nonwork applications on a company device. Although 85 percent claim to take IT processes seriously, 34 percent say they give little thought to whether they’re using approved applications or violating security policy.

The High Cost of Employee Cyber-Negligence

Even if insider threats aren’t malicious, they come with serious costs. According to the Ponemon study, organizations suffered an average of 14.5 insider incidents involving negligence in 2020, at an average cost of $307,111 each.

The study listed five key factors that put organizations at risk of a negligent insider incident:

  • A lack of employee training in security processes and policies, and why violation of these rules puts the organization at risk of a security breach or regulatory compliance violation.
  • A lack of employee awareness of the steps they should take to secure their company-issued and personal devices.
  • A lack of control over highly sensitive and confidential data, enabling employees to store it in an unsecured location.
  • A lack of enforcement of security policies, allowing employees to ignore best practices and IT processes.
  • A lack of resources to keep devices, applications and services patched and updated to the latest versions.

Easy-to-understand security policies reinforced with employee education programs can go a long way toward addressing negligent insider threats. Data loss prevention (DLP) solutions can enforce policies and generate notifications if users attempt to email or download sensitive data. User behavior analytics can help detect violations of security policies on endpoint devices.

The Malicious Insider Threat

Although employee negligence makes up two-thirds of insider threats, malicious insiders cannot be ignored. Criminal and malicious insiders were responsible for 23 percent of insider incidents, and credential theft was responsible for another 14 percent.

Security incidents caused by criminal and malicious insiders cost organizations an average of $755,760, more than double what they cost in 2016. These costs are directly related to the amount of time and effort required to detect and respond to the incident. Cybercriminals or malicious insiders with legitimate credentials often remain undetected in an IT environment for weeks, months, even years, stealing data and causing significant damage.

Perimeter defenses do little to address threats that come from inside the network. Organizations should consider implementing access control solutions with robust authentication and authorization functions. Access control combined with behavior and pattern analysis greatly increases the ability of an organization to detect insider threats from misuse, intrusions or malicious attacks.

Media outlets tend to focus on the sensational security breaches perpetrated by external attackers. However, these incidents are often the result of user error, security policy violations or malicious insiders. With many employees working outside the office, organizations should place a renewed focus on implementing proper security policies along with the right detection and analysis tools. This approach, when combined with end-user education and continued vigilance, will help protect your organization against insider threats.


Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile

