- Solves For
An insider threat is a risk of breach that comes from individuals within a given organization (e.g. employees). The risk level with this type of threat is especially high given the amount of access, knowledge, and autonomy employees possess.
The truth is, inconveniently, people act one way in formal meetings and another way on their company’s digital collaboration network. And this inconvenient truth can add a layer of risk, or a blind spot, for the organization.
As the technology of collaboration platforms continue to gain traction, the concern for insider threats grows.
Not all insider threats are the same — though they all present a danger to the organization. The three basic types of threats inside the workplace, and their allocation percentage, include:
Even when it comes to benevolent employees, there is still the risk of insider threats simply from employee negligence. Around 24% of all insider threats are completely inadvertent. Often, employees don’t understand when their behavior, such as sending a sensitive document over a public company channel, is risky.
These well-meaning employees benefit from trainings regarding safe workplace behaviors.
Outsiders could include 3rd party contractors who possess some degree of access to the workplace networks. With outsiders being responsible for 45% of all breaches, this is the largest group of insider threats. Unfortunately, some of the most devastating data breaches in recent years happened via third party vendors.
For example, in April of this year, hackers targeted third-party sellers on Amazon.com to post fake deals and steal cash.
These are the evil-doers that we often picture when speaking about insider threats. Approximately 31% of insider breaches are due to malicious insiders. These employees either enter an organization with the intention of causing some sort of breach or damage, or become a disgruntled employee who commits the act on their way out the door.
The casual, threaded communications on collaboration platforms continue to gain traction and, in some scenarios, replace email completely.
Collaboration platforms offer many positive attributes, such as cross-functional communication, quick distribution of information, and increased workplace connectivity — all which can lead to increased productivity and profits. However, it’s time to take the inherent risks of these communication platforms seriously.
At Wiretap, we analyzed the contents of over 1,000,000 employee messages and found — among other insights — that confidential information is shared in 1 of every 118 public communications.
There are more casual and chatty conversations in a Yammer multi-company group or Workplace private message setting than in an email conversation, for example. This creates a scenario where inadvertent actors may accidentally and negligently share sensitive data because they put something in writing they wouldn’t ordinarily email to a colleague.
Unfortunately, this also creates more space for malicious insiders to pray on those inadvertent actors.
Today, nearly all organizations monitor employee email communications with some sort of data loss prevention (DLP) solution. In fact, as of April 2017, 78% of major companies now monitor employees’ use of email, internet, or phone. It’s time now to add a monitoring and compliance solution created specifically for the unique ecosystem of digital collaboration.
Aware by Wiretap’s AI-driven technology analyzes workplace communication content and file shares, delivering a real-time solution for understanding content and information sharing.
Leaders can configure custom actions based on instances of shared content and if they see an issue, they can investigate — bias free. With shared content monitoring functionality, the team can also pull relevant messages and leverage additional context to identify the root of the insider threat.
Request a free Collaboration Risk Assessment to gain visibility into employee interactions and identify potentially harmful or inappropriate communications on your organization’s collaboration platform.