It’s an unpleasant topic, but…the recent survey by Exabeam quotes this staggering figure of 84% of Australian respondents expecting insider threats to grow, during the next 12 months.
Insider threat is mostly accepted as a malicious threat coming from inside an organisation. Traditionally, thinking around security and privacy threats are that they would come from an external party, but that’s now changing.
The threat may come from a current employee, former employee, a contractor, student and/or volunteer who has, or has had, access to the organisation’s network or applications.
In a high profile example, a former Google engineer, Anthony Levandowski, stole self-driving car technology before leaving Google to start his own self-driving truck company after becoming disillusioned with Google. He downloaded over 14,000 confidential files to his personal laptop.
Insider threat can also include a party who causes harms unintentionally. This is definitely not a new idea. We’ve been writing about it for years, but it now has a name which will increase awareness.
Retaliation based on a grudge, or simple mistakes made when using technology can create insider threat. Regardless of what has created the threat, an incident can disrupt an organisation’s business with serious consequences.
And, when you add the complexity of shadow AI to the existing risk environment, the likelihood of privacy and security incidents increase. In the same survey, 76% of respondents had seen employees use unauthorised generative AI.
Do your teams know how to identify, deter and mitigate insider threat? If not, please contact us for support.