34% of data breaches are inside jobs

One of the most notable trends of the 2010s was an increase in data breaches. The Privacy Rights Clearinghouse maintains a chronological database of data breaches that stretches back to 2005. Hacks and cybersecurity threats were an issue for companies and organizations even in the 1980s and the 1990s, but a simple scroll through that database will show how much more frequent data breaches have become within the past ten years. Since 2009 or 2010, notable data breaches have occurred virtually every day.

Why are these threats on the rise? One factor is that people are living more of their lives online. Between social media, online shopping, and the growing segment of the workforce that conducts most or all of its business on the internet, there are more targets for hackers and cybercriminals than ever before. This infographic shows how dramatically the production of global data has grown even in the past five years. With so much data out there, it stands to reason that cybercrime is becoming a more significant enterprise. It’s easy to imagine the culprits behind data breaches as keyboard warriors sitting alone in dark rooms, wreaking havoc from afar. What many people don’t recognize: the threat could be coming from the cubicle next door.

The Insider Threat

Pop quiz: who has the most access to a company’s secure and sensitive data? In most cases, it’s not a teenage computer hacker from Russia but an employee on the payroll. In 2019, Verizon’s annual Data Breach Investigations Report found that more than one-third of all data breaches that occurred that year (34 percent) were the result of "insider threat actors."

Why are insiders stealing or leaking data from their employers? These bad actors could be disgruntled staff members looking to "get back" at their employers for perceived slights. They could be identity thieves making off with sensitive customer data. They could be making money on the side by selling valuable data to malicious third parties. They could, in the case of a recent data breach at Twitter, be acting as foreign spies.

Ultimately, the reasons why an employee might breach the data security of a company matter less than the fact that these threats exist at all. If an organization reaches the point of asking why a staff member stole data, it’s already too late. What each business should be doing is taking steps to protect against these insider threats before they turn into inside jobs.

How to Protect Against Insider Data Threats 

The good news: there are several steps that a business can take to safeguard against potential insider data breaches.

One critical piece of the puzzle is conducting stronger background checks.  

If there is one reason to ramp up a company’s background check policy, the threat of bad actors is it. Stronger criminal history checks at the time of employment are a must. A single county criminal history check isn’t enough anymore. Instead, employers must try to be as comprehensive as possible with a mix of local county searches, additional county checks based on a candidate’s address history, multi-jurisdictional database checks, national security watchlist searches, and more.

Companies should also use ongoing criminal monitoring to re-check employees post-hire. These strategies will hopefully help employers to spot red flags before they grow into bigger, costlier problems.

The other big trend right now is businesses implementing "zero trust" policies.  

In a "zero trust" cybersecurity scenario, no person or device is implicitly trusted by an organization’s network or system. Instead, every person or device must verify their identity (often every time that they try to access an asset or database) to proceed.

Traditional cybersecurity follows a "castle and moat" model under which everyone outside of an entity’s private network is beyond the "moat," and everyone inside it is in the "castle." This setup focuses the energy on keeping threats out, but it doesn’t protect against threats that are already inside the walls. A hacker who manages to cross the “moat” can typically enjoy access to everything, as their device will be implicitly trusted.

This system does nothing to defend against an insider threat. A zero-trust model essentially adds protections inside the "castle" to ensure that even someone inside the network doesn’t enjoy free reign over the system.

Employers would rather trust their personnel than operate in a state of constant suspicion. Unfortunately, as data accumulation continues to grow, and the data itself becomes more sensitive and valuable, enterprises and small businesses alike need to understand that some of their greatest threats may come from inside. That doesn’t mean employers can’t trust their employees, but it does mean that a "trust but verify" model is essential.

Image Credit: LeoWolfert/Shutterstock

Michael Klazema is Chief Marketing Technologist at VODW.com and has over two decades of experience in digital consulting, online product management, and technology innovation. He is the lead author and editor for Dallas-based backgroundchecks.com with a focus on human resource and employment screening developments.