DataCenterNews Asia Pacific - Specialist news for cloud & data center decision-makers

Protecting your business from insider threats: What you need to know

Yesterday

As businesses embrace new technologies and hybrid work models, human behavior also evolves, and with that comes an increased risk of insider threats. But what exactly is an insider threat? Simply put, it's a risk posed by someone who has, or once had, access to your company's systems, data, or network. It could be a current employee, an ex-staff member, a contractor, or even a trusted partner.

With more companies shifting between remote work and office-based operations, insider threats have become a key concern. In a recent example at the British Museum, on January 29, 2025, an ex-IT contractor who had been fired a week earlier trespassed into the museum and shut down several systems, causing massive business disruptions.

History offers valuable lessons about insider threats. During the English Civil War in the 17th Century, Oliver Cromwell's soldiers successfully infiltrated Corfe Castle by turning their coats inside out to match the colors of the Royal Army. This act of deception mirrors how modern insider threats operate—from blending in undetected to leveraging trust for their own advantage. 

Even companies with strong security postures can be caught off guard. Take KnowBe4, for example: they accidentally hired a fake employee, but their security alert system flagged it within 25 minutes, allowing them to act fast. This proves two things: that insider threats can happen to anyone, and that a swift response can make all the difference.

According to IBM's 2024 Cost of a Data Breach report, 55% of breaches involved insider or external attackers, with malicious insider attacks costing an average of USD 4.99 million. A 2023 Cybersecurity Insiders report also found that 74% of organizations feel moderately to extremely vulnerable to insider threats.

Many people assume insider threats only come from disgruntled employees, but the reality is much broader.

What Are the Types of Insider Threats?

1. The Malicious Insider (Turncloak) 

This is someone who deliberately abuses their access to steal data, sabotage systems, or help competitors. Compared to the disgruntled employee, a malicious insider's actions are predetermined. Think of Game of Thrones' Theon Greyjoy, who was called a 'turncloak' for betraying his allies. In a business setting, this could be an IT admin selling company secrets to a competitor. 

2. The Careless Employee (Negligent Insider) 

Not all insider threats are intentional. Some employees unknowingly put your business at risk through poor security habits—like using weak passwords or falling for phishing scams. 

Example: A staff member clicks on a phishing email, allowing hackers to install malware on your systems. 

3. The Compromised Insider (Pawn) 

This is someone whose credentials have been stolen by an external hacker, turning them into an unknowing security risk. 

Example: A hacker steals an employee's VPN login and gains access to sensitive business data. 

4. The Insider Colluding with External Actors 

In some cases, an employee might work with cybercriminals, competitors, or even foreign governments. 

Example: An employee plants ransomware in the system on behalf of a cybercriminal group. 

5. The Third-Party Insider Threat 

Contractors, vendors, or business partners can also pose risks, especially if they have weak security controls. 

Example: A supplier's poor cybersecurity practices lead to a data breach affecting your business. 

6. The Shadow IT User (Unintentional Insider) 

Employees sometimes bypass IT policies by using personal devices or cloud storage solutions, which can introduce serious vulnerabilities.

Example: Staff members sharing business documents via personal Dropbox accounts instead of using approved company storage.

7. The Disgruntled Insider 

Someone who has left on bad terms (or is still employed but unhappy) and seeks revenge. Compared to the malicious insider, the disgruntled insider's actions are typically reactionary and may be driven by emotion.

Example: A recently fired IT administrator deletes critical company databases before leaving. 

How companies can reduce insider threats.

The good news is there are practical steps you can take to reduce the risk of insider threats. 

1. Strong Onboarding and Offboarding Processes 

Screen new hires and review access regularly. Make sure you revoke system access immediately when someone leaves the company. 

2. Clear Security Policies

Having security policies in place is crucial, but they only work if employees know about them! Regularly communicate and reinforce guidelines on acceptable behavior, data protection, and acceptable use of IT resources.

3. Data Classification and Protection 

Not all data should be freely accessible. Label sensitive information (e.g., 'Highly Confidential') and use Data Loss Prevention (DLP) tools to block unauthorized sharing. 

Example: If an employee tries to email a confidential report to their personal account, DLP should automatically block the email and alert security teams. 
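
The DLP rule in the example above can be sketched as follows. This is an added illustration, not code from the article or from any DLP product; the `example.com` company domain, the function names and the sample messages are assumptions, and the check only covers the subject, attachment filenames and text parts of a message.

```python
from email import message_from_string
from email.utils import getaddresses

COMPANY_DOMAINS = {"example.com"}          # assumption: the organization's own mail domains
BLOCKED_LABELS = ("highly confidential",)  # classification label from the article's example

def _searchable_text(msg):
    """Yield the subject, attachment filenames and decoded text bodies."""
    yield msg.get("Subject", "")
    for part in msg.walk():
        if part.get_filename():
            yield part.get_filename()
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            try:
                yield body.decode(part.get_content_charset() or "utf-8", "replace")
            except LookupError:            # unknown charset name: fall back to UTF-8
                yield body.decode("utf-8", "replace")

def evaluate_outbound(raw_message):
    """Block and alert when labelled content is addressed outside the company."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    external = sorted(
        addr.lower() for _, addr in getaddresses(headers)
        if addr and addr.rsplit("@", 1)[-1].lower() not in COMPANY_DOMAINS
    )
    labelled = any(label in text.lower()
                   for text in _searchable_text(msg) for label in BLOCKED_LABELS)
    blocked = bool(labelled and external)
    return {"action": "block" if blocked else "allow", "alert": blocked,
            "sender": msg.get("From", ""), "external_recipients": external}

# Constructed sample messages, not real mail.
_BODY = "Subject: Q3 board report\n\nClassification: Highly Confidential\nDraft attached.\n"
MSG_TO_PERSONAL = "From: alice@example.com\nTo: Alice <alice.home@mail.test>\n" + _BODY
MSG_INTERNAL = "From: alice@example.com\nTo: bob@example.com\n" + _BODY
MSG_UNLABELLED = ("From: alice@example.com\nTo: vendor@partner.test\n"
                  "Subject: Lunch\n\nSee you at noon.\n")

if __name__ == "__main__":
    for raw in (MSG_TO_PERSONAL, MSG_INTERNAL, MSG_UNLABELLED):
        print(evaluate_outbound(raw))
```
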

4. Implement Least Privilege Access 

Employees should only have access to the data and systems they absolutely need to do their jobs. Combining this with Multi-Factor Authentication (MFA) can help prevent unauthorized access. 

5. User Behavior Analytics (Trust but Verify) 

Using AI and machine learning, businesses can monitor unusual behavior, such as employees downloading large amounts of data or logging in at odd hours. If something seems off, an alert is triggered for further investigation. 
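
A minimal version of this kind of monitoring, as an added example that is not from the article: instead of a machine learning model it uses a simple per-user statistical baseline (median and median absolute deviation of daily download volume, plus past login hours). The event format, thresholds and sample records are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

def build_baseline(history):
    """Per-user profile from past (user, iso_time, event, bytes) records."""
    daily, hours = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for user, ts, event, size in history:
        t = datetime.fromisoformat(ts)
        if event == "download":
            daily[user][t.date()] += size
        elif event == "login":
            hours[user].add(t.hour)
    profile = {}
    for user in set(daily) | set(hours):
        totals = list(daily[user].values()) or [0]
        med = median(totals)
        mad = median(abs(v - med) for v in totals)  # robust measure of spread
        profile[user] = {"median": med, "mad": mad, "hours": hours[user]}
    return profile

def detect(profile, events, k=5, floor=50_000_000):
    """Return (user, time, reason) alerts. k and floor are tunable assumptions.
    A login is unusual when it is over an hour from every past login hour."""
    alerts, today, flagged = [], defaultdict(int), set()
    for user, ts, event, size in events:
        t, base = datetime.fromisoformat(ts), profile.get(user)
        if base is None:
            alerts.append((user, ts, "no baseline for user"))
        elif event == "login":
            if all(min((t.hour - h) % 24, (h - t.hour) % 24) > 1 for h in base["hours"]):
                alerts.append((user, ts, "login at unusual hour"))
        elif event == "download":
            key = (user, t.date())
            today[key] += size
            limit = max(base["median"] + k * base["mad"], floor)
            if today[key] > limit and key not in flagged:  # one alert per user per day
                flagged.add(key)
                alerts.append((user, ts, "download volume above baseline"))
    return alerts

# Constructed sample data, not real logs.
HISTORY = [
    ("jlee", "2025-03-03T09:02:00", "login", 0), ("jlee", "2025-03-03T11:00:00", "download", 20_000_000),
    ("jlee", "2025-03-04T08:55:00", "login", 0), ("jlee", "2025-03-04T10:30:00", "download", 25_000_000),
    ("jlee", "2025-03-05T09:10:00", "login", 0), ("jlee", "2025-03-05T14:00:00", "download", 22_000_000),
]
NEW_EVENTS = [
    ("jlee", "2025-03-10T02:14:00", "login", 0), ("jlee", "2025-03-10T02:20:00", "download", 30_000_000),
    ("jlee", "2025-03-10T02:31:00", "download", 400_000_000),
]
```

Calling `detect(build_baseline(HISTORY), NEW_EVENTS)` flags the 02:14 login and the second download, which pushes the day's total past the user's baseline.
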

6. Continuous Monitoring of Third-Party Apps and Systems 

Keep track of all software and cloud services employees use. If unauthorized apps (like personal storage services) are being used, make sure they are properly monitored or restricted. 

7. Security Awareness Training 

Educate your employees on cybersecurity best practices so they can recognize threats like phishing scams and social engineering attacks. Regular training can go a long way in preventing careless mistakes. 

8. Legal Protections (NDAs and Contracts) 

Employment agreements, Non-Disclosure Agreements (NDAs), and non-compete clauses can serve as deterrents and help protect sensitive business information. 

Be prepared, be aware. 

It's important to remember that small businesses are not immune to insider threats either. Whether intentional or accidental, the risks are real, but with the right strategies in place, you can protect your business from harm. By staying proactive and educating your team, you can build a security-conscious culture that keeps your data safe.

If you haven't already, now is the time to review your security policies, tighten access controls, and invest in awareness training. The more prepared you are, the better you can safeguard your business from insider threats.  
 
