Skip to content

4 Kinds of Insider Threats and How to Stop Them

business solutions encapsulated in IT

Arthur Gaplanyan

October 17, 2022

No Comments

Insider Threats

You already know there are external threats to your business, but have you considered the internal threats?  A source is considered an “Insider” when it has legitimate access to your company network.  That authorized access bypasses initial security protocols that get them past the “locked doors and guards” you have protecting your business.   

That’s why when something is referred to as an Insider Threat, it is some form of abuse of approved access. It’s also why Insider Threats are so dangerous and need to be considered as part of your cybersecurity strategy.

Insider Threats have increased by 47% between 2018 and 2020 and are responsible for 22% of security incidents. These threats cost companies millions of dollars.

That is why it is vitally important to know and understand the types of Insider Threats, and how to stop them.

These are the 4 types of Insider Threats

  1. Malicious Employee
  2. Negligent Employee
  3. Third-Party Access
  4. Credential Theft

It sounds straightforward enough, but there are some nuances to these categories with other things to consider. Let’s explore them.


Malicious Employee

Malicious Employee

This one seems the most obvious.  You have an employee that is disgruntled for some reason, so they decide to do your company harm.  They have access to your network, so they can install a virus, delete files, or steal information. 

Negligent Employee

Negligent Employee

A negligent employee is harder to spot than a malicious one. They might be a poor employee, or they might even be one of your hardest-working ones.  Sometimes they skip steps or don’t pay attention because they are lazy, or maybe they just aren’t trained properly. Does their manager even know how to train them properly?

They don’t mean to cause an issue, but their actions leave the door wide open for a data breach. Maybe they are careless with using a different computer, public Wi-Fi, or even sharing classified data on an unsecured platform – such as emailing files to their personal email to work on at home.

Third-Party

Third-Party Access

Third-party companies you partner with will need access to your systems and network to do their jobs. Maybe it’s an ongoing partner or perhaps a temporary contractor. Either way, they will have access like your employees. In the same manner as those malicious and negligent employees, they might see an opportunity for damage or more likely just not be aware that they are not being secure with your data. Commonly, it’s just a hopeful situation that they don’t mess anything up for you.

Credential Theft

Credential theft is exactly as it sounds. Somebody steals the credentials of a user to gain access to your network. Credential theft starts getting into a gray area of cybersecurity. Technically it is an Insider Attack because the credentials are approved and gets the bad agent past your security. The cause of the theft is probably another cybersecurity topic though. This is where phishing scams, fraudulent websites, and impersonation emails start factoring in and you need to protect your business from those.


How do you prevent Insider Attacks from occurring?

Dealing with Insider Threats after the fact is challenging, and perhaps not easily detected adding to the difficulty.  The best way to handle Insider Threats is through prevention.  This can be done by including it in your business policies and practices, both operational and technical.

Hire Slowly

When hiring, do so slowly. This isn’t always practical if you are looking to fill a position quickly, however it is always beneficial to take as much time as you can and do your due diligence in your vetting process. Take some additional time to explore their work history. Any red flags could mean somebody with a malicious past. If they’ve worked in the same industry for a while, they probably have a reputation too. Ask around.

Enforce MFA

Multi-Factor Authentication (MFA) is one of the simplest, and best ways to enhance your security. Also known as Two-Factor Authentication(2FA), it requires another form of user authentication before allowing access. This can be done in very loose or very strict ways.  We’ve covered the varieties before, so check it out if you need more information regarding this.

Password Manager

While we are on the topic of securing that access, we always advocate using a password manager.  There are plenty to choose from, so if you are wondering what to use go ahead and ask and we can advise on your options.

Using a password manager makes using complex passwords easy.  You can set standards for your company, so your employees use at least 20 digits of random characters instead of something easy to remember (and easy to guess). It will help ensure they don’t reuse passwords as well. These are the immediate security improvements you get.

But wait, there’s more!

Not only are your employee passwords more secure, but you can manage them yourself. Somebody is on vacation and they are the only one that accesses XYZ? As a manager you can access their password, so you are never locked out of accounts for your company. Did an employee move on? You can revoke those passwords instantly. Managing your employee access becomes easy – and far more secure than not using a password manager.

Employee Security Training

Did you know that employees are the biggest reason for security breaches? 88% of all data breaches are due to human error. It’s not that your employees are dumb, it’s that security is hard. Being always diligent in a world that is constantly changing with new attacks isn’t pretty. Your employees are your first line of defense, as they are the ones dealing with emails and data access daily.  You should invest in them to improve the overall security of your business.

No, we don’t mean boring annual meetings with a test. There are ways to teach and test your employees that are more consistent and actually enjoyable, so they retain the information. 

Network Monitoring

When we talk about cybersecurity, this is usually what people think about. Rightfully so. It’s the hard technical side of things.

Once your business is attacked (whether from the outside or inside) how do you know? It’s done by monitoring your entire network for change. Read that as your entire business. We watch the workstations, servers, file shares, and email, and diligently watch for change. Using advanced security, the entire network is monitored at all times – 24/7. It looks for changes such as access to files that aren’t normally done, large downloads, access from unusual locations…everything.  It’s thorough and all-encompassing, and that is why it works.  


You’ll notice that up until this point there has been a lot of operational consideration and easy to implement tech choices. That’s because cybersecurity isn’t a product you slap on your business, it’s an ingredient you bake into it. It keeps you safe from the outside, but also protects you from Insider Attacks.

Layered cybersecurity is a multi-faceted approach. If you’d like to learn more, we’ve written a business guide that covers it, absolutely free. If you need help setting up a solution, get in touch with our live calendar to book a free consultation.