Some of the high-stake data breaches that happened recently in the US were committed by current or former employees of small and big organizations. while others were caused by accident or unintentional, some of the data breaches were committed with malicious intent. There is no question that internal threats need the same level of focus as external threats need. The recent survey, the insider threat report from CA (https://www.ca.com/content/dam/ca/us/files/ebook/insider-threat-report.pdf) shows that 90% of organizations feel vulnerable inside to internal threats. More than half of surveyed organizations confirmed insider attacks against their organizations in the previous months.
An Insider threat with malicious intention ranges from stealing PII (Personally identifiable information), PHI (Protected Health Information) and Credit card information for monetary purposes while an insider threat with unintentional activities ranges from using unsecured emails or data exchange, not following security policies to using unapproved process or tools resulting in exposing private information.
Here are some of the potential root causes for internal threats
Measures you can take to reduce insider threats
Controls and Tools
Insider Threat Activities Monitoring
Data-store and Data Exchange
Security Training and Awareness
As inside threat survey and recent data breaches show us, internal threats are trending upward. Implementing proper security controls and recommendations of security professionals will help minimize insider threats.