top of page
Nexix Logo
  • Writer's pictureNexix Security Labs


Insider Threats NSL

Since the early age of the digital era, cyber-attack threats have existed. With the increase in digitization of businesses and organizations, the threat of cyberattacks has increased too. It has been said in a survey that Cybercrime cost is expected to crease by 40%.

Although large-scale cyberattacks have occurred over the past 15 years in the form of distributed denial of service, data theft, loss of intellectual property, and cyber fraud, their impact has grown faster than the organization's ability to prevent and recover from it. Usually, organizations focus on external threats, but insiders are more often the source of cyberattacks. Last year, one of the largest global banks faced a loss of $900 million due to an insider breach; this is testimony to the fact that internal cyberattacks are more common than many assume.

What is an Insider Threat?

Insider threats in cyber security are threats possessed by individuals from within an organization, such as current or former employees, partners, and contractors. These individuals have the potential to misuse access to networks and assets to wittingly or unwittingly disclose, modify and delete sensitive information.

Information at risk of being compromised could include details about an organization's security practices, client and employee data, login credentials, and sensitive financial records. The nature of insider threats means that traditional preventive security measures are often ineffective.

Types of Insider Threats

Insider threats in cyber security are of two types: Malicious and Negligent

Malicious insider threats result from rogue employees and contractors leaking confidential data or misusing their access to systems for personal gain and/or to inflict damage and disruption. Criminal insiders may work alone or collude with external threat actors such as competitors and hacking groups.

Negligent insider threats result from inadvertent employee errors, such as users falling victim to phishing emails or sharing data on insecure devices and USB sticks.

Some examples of Insider threats include:

  1. Second streamers: Second streamers are current employees that misuse confidential information to generate additional income through fraud, external collusion, or selling trade secrets. Gartner's research suggests that these accounts for 62% of malicious insider threats.

  2. Disgruntled employees: Disgruntled current or former employees that deliberately sabotage or steal intellectual property can be among the costliest threats to organizations. Gartner's insider threat statistics suggest that 29% of criminal insiders commit theft or financial gain, while 9% are driven by a desire to commit sabotage.

  3. Employee negligence: Employee negligence is one of the most common types of insider threats. Negligent employees include users who exhibit secure and compliant behavior but make occasional errors. Many negligent employees do not realize their mistakes until it is too late.

  4. Persistent non-responders: Some employees, often senior executives, are unresponsive to security awareness training, consistently exhibiting behaviors that could leave them vulnerable to compromise. These users are most likely to be repeatedly targeted by social engineering scams such as BEC attacks.

How to mitigate the risk of insider threats

The complexity of detecting and responding to insider threats alongside other cybersecurity threats means that no single solution can claim to reduce the risk entirely. Instead, organizations should look to adopt a layered approach, encompassing a range of security controls and processes.

Organizations should:

  • Conduct regular risk assessments to understand the potential impact of insider attacks

  • Provide regular security awareness training for all staff

  • Closely manage the accounts and privileges of all employees and contractors

  • Perform penetration testing at least annually to help identify security improvements

  • Commission a simulated phishing assessment

  • Implement 24/7 network and endpoint monitoring to detect anomalous behavior


It's critical that organizations build a comprehensive insider-threat approach. An effective way to handle such threats is to empower network monitoring solutions, such as data loss prevention (DLP) policies at endpoints to prevent data exfiltration and support remote compliance with data protection legislation by applying policies to sensitive data directly. Secondly, firms should monitor user activity and behavior by implementing user and entity behavior analytics (UEBA).

For more information visit us on:

To schedule an audit you can contact us at:

Your Security | Our Concern


Recent Posts

See All
bottom of page