November 20, 2018  
Malicious Insider Threats: Countering Fraud, Sabotage, Loss of Confidential Information, and Other IT Security Risks Posed by Trusted Insiders

Malicious insider threats, from espionage to sabotage, have always been one of the most potent security risks confronting organizations. This special report, Malicious Insider Threats, provides a full breakdown of the different forms that these threats can take, what organizations are most worried about, and what counter-measures they are taking.

This report is based on our survey of IT security professionals and IT executives worldwide. It analyzes malicious insider threats to businesses, that is, deliberate violations of an organization's security policy by individuals within the organization. The basic categories of malicious insider threat are accessing confidential information without authorization, disclosing confidential information without authorization, executing fraudulent transactions, and sabotaging the organization's systems, network, or data.

For each of these four categories of threat, we present data concerning the perceived seriousness of the threat and actual incidents and risks of each type. We then analyze the popularity of various methods for preventing, countering, and detecting incidents of malicious insider activity.

Purchase the full report: Malicious Insider Threats.

Or, read the Research Byte, which provides an extract of the full report.

Table of Contents

  • Executive Summary
    • Understanding Malicious Insider Threats
    • Key Findings of This Study
  • The Overall Threat of Malicious Insiders
    • Categories of Malicious Insider Threats
    • Organizational Perceptions of Malicious Insider Threats
    • Actual Incident Levels of Malicious Insider Threats
  • Analysis of Malicious Insider Threats by Category
    • Accessing Confidential Information without Authorization
    • Disclosing Confidential Information without Authorization
    • Executing Fraudulent Electronic Transactions
    • Sabotage
  • Access Controls to Deter Malicious Insiders
    • Formal Establishment of Policies
    • Granting Insider Access on a Need-to-Know Basis
    • Removing Access Rights upon Termination
    • Auditing and Monitoring Access Attempts
  • Countering the Threat of Malicious IT Insiders
    • Formal Background Checks
    • Security Awareness Training
    • Two-Person Rule
    • Separation of Duties
    • Least-Privilege Rule
    • Individual Password Assignment for IT Personnel
    • Changing of Common Passwords
    • Routine Rotation of Administrator Passwords
    • Separate User IDs for Escalated Privileges
    • Audit Logs
    • Audit Logs Secured and Monitored
    • Reporting of Suspicious Activity
  • Detecting Malicious Insider Threats
    • Monitoring of Insider Email
    • Monitoring of Insider Keystrokes
    • Examination of Insider Computer Files
    • Monitoring Insider Internet Traffic
  • Demographics

List of Figures

  • Figure 1--Percentage Viewing Each Type of Malicious Insider Incident as Major Threat
  • Figure 2--Percentage with at Least One Malicious Insider Incident of Each Type in Past Two Years
  • Figure 3--Risk of Insiders Accessing Confidential Information without Authorization
  • Figure 4--Incidents of Insiders Accessing Confidential Information without Authorization
  • Figure 5--Risk of Insiders Disclosing Confidential Information without Authorization
  • Figure 6--Incidents of Insiders Disclosing Confidential Information without Authorization
  • Figure 7--Risk of Insiders Executing Fraudulent Electronic Transactions
  • Figure 8--Incidents of Insiders Executing Fraudulent Electronic Transactions
  • Figure 9--Risk of Insiders Maliciously Attempting to Sabotage Systems, Networks, or Data
  • Figure 10--Incidents of Insider Electronic Sabotage
  • Figure 11--Controls for Restricting Insider Unauthorized Access to Systems and Information
  • Figure 12--Formal Background Checks for System Administrators
  • Figure 13--Security Awareness Training Regularly Conducted for System Administrators
  • Figure 14--Two-Person Rule: No Critical System Function Relies on Single Person
  • Figure 15--Separation of Duties: Different Persons Approve, Carry Out, and Monitor Activities
  • Figure 16--Least-Privilege Rule: System Administrators Have Only Enough Access to Do Their Jobs
  • Figure 17--Individual Passwords: IT Personnel Do Not Share Passwords
  • Figure 18--Common Passwords Changed Whenever a System Administrator is Terminated
  • Figure 19--Password Rotation: All IT Personnel Passwords Are Force-Changed on Regular Basis
  • Figure 20--System Administrators Have Separate User IDs for Escalated Privileges
  • Figure 21--Audit Logs Identify Person Making Each Sensitive Change to Systems
  • Figure 22--Audit Logs Are Secured and Monitored by Persons Other Than Those Making Changes
  • Figure 23--Employees Trained to Confidentially Report Suspicious Activity by Other Insiders
  • Figure 24--Policy and Practice on Monitoring Insider Email
  • Figure 25--Practice on Monitoring Insider Keystrokes
  • Figure 26--Practice on Examination of Insider Computer Files
  • Figure 27--Practice on Examination of Insider Internet Traffic
Computer Economics • 2082 Business Center Dr. Ste 240, Irvine, CA 92612 • tel: (949) 831-8700