
The Insider Threat Problem: Your Biggest Threat May Already Be Inside!

by   in Cybersecurity

With insider threats it’s not a matter of if, but rather a question of when your organization will be hit. Just last week HackerOne, a security company, dealt with a rogue employee stealing vulnerability data reported through the company’s bug bounty platform. According to the article, the insider was turning around and using that privileged data to claim bounties directly from the affected companies, making a tidy profit. The now-former employee accessed and attempted to sell his company’s data over a half dozen times, and was only caught after a customer noticed unusual behavior and reported it to HackerOne.

Stories like this are becoming all too common. Consider asking yourself:

  • Can my organization confidently detect insider threats?
  • Does my security team have the resources needed to handle insider threats?
  • Does my organization have a process in place to stop insider threats before damage is done?
  • Is there a plan to handle insider threat incidents after damage has been done? Who is involved?

If you don’t have great answers or the thought exercise worries you, you’re not alone! According to the GURUCUL Insider Threat Report 2021, 98% of organizations feel vulnerable to insider threats and about half can’t detect an insider threat until after damage has been done.

Insider Threat is Growing

Insider threats are increasing at an alarming rate, and companies need to be prepared. According to the “2022 Cost of Insider Threats Global Report” released by the Ponemon Institute, 67% of companies reported more than 20 insider threat incidents, requiring an average of 85 days per event to fully contain. These threats aren’t cheap either, with an average total cost to the organization of $15.4M. To make matters worse, insider threats are notoriously difficult to detect.

Today you may be fending off a malicious threat actor moving laterally through your network; tomorrow it may be an employee collecting privileged company data to exfiltrate. And you will always be searching for the negligent users who fall for phishing emails, navigate to suspicious websites, or use weak passwords. Whatever the case, insider threats often blend in, going unnoticed until it is too late and the damage is done. Given the advances in modern security analytics tools, you may be asking why insider threat hunting is still so difficult.

Difficulties in Detection

Most monitoring tools take a rule-based approach to security, sending out alerts when a specific action is taken or a fixed threshold is reached. However, these contextless rules tend to throw false positives, flooding already busy analysts with false leads that must be followed up on. Too many false flags and your security team will start ignoring the noisy alerts, opting to focus their precious time elsewhere. The same goes for analysts using hypothesis-based searches to find insider threats: if day in and day out a query returns no leads, the analyst will pivot to other tasks.
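The following is an added example, written for this page and not code from ArcSight or from the author, that shows the problem described above on constructed data. A fixed, contextless threshold rule ("alert on more than 100 report reads per day") fires every day on a triage analyst whose job is to read reports, and never fires on an account manager whose read count jumps from a handful to 48 in one day. A per-user baseline, the simplest form of the behavioral analytics that user and entity behavior analytics tools apply, compares each user only against their own history and flags the burst while staying quiet on the analyst. The log format, user names, counts and the z-score threshold are all assumptions made for the illustration.

```python
"""Added example: contextless threshold rule vs. per-user baseline over
constructed access-log records. Not ArcSight code; data is invented."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (day, user, number of vulnerability reports the
# user opened that day).  Hypothetical users and counts.
ACCESS_LOG = [
    # a triage analyst who legitimately reads many reports every day
    ("2022-07-01", "triage_analyst", 120),
    ("2022-07-02", "triage_analyst", 131),
    ("2022-07-03", "triage_analyst", 118),
    ("2022-07-04", "triage_analyst", 127),
    ("2022-07-05", "triage_analyst", 125),
    # an account manager who normally touches only a handful of reports
    ("2022-07-01", "account_manager", 4),
    ("2022-07-02", "account_manager", 6),
    ("2022-07-03", "account_manager", 5),
    ("2022-07-04", "account_manager", 3),
    ("2022-07-05", "account_manager", 48),   # anomalous burst on the last day
]

THRESHOLD = 100  # contextless rule: alert on more than 100 reports per day


def threshold_rule(log, threshold=THRESHOLD):
    """Rule-based detection: alert whenever a daily count exceeds a fixed
    threshold, regardless of who the user is or what is normal for them.
    Returns a list of (day, user) alerts."""
    return [(day, user) for day, user, n in log if n > threshold]


def baseline_rule(log, z_threshold=3.0, min_history=3, sigma_floor=1.0):
    """Behavioral detection: compare each day's count against that user's
    own prior days (mean and population std-dev) and alert when the count
    is more than z_threshold standard deviations above the user's norm.
    sigma_floor stops a near-constant history from turning a one-report
    change into an alert.  Returns a list of (day, user, z_score) alerts."""
    history = defaultdict(list)
    alerts = []
    for day, user, n in sorted(log):       # chronological order per user
        past = history[user]
        if len(past) >= min_history:       # need a baseline before judging
            mu = mean(past)
            sigma = max(pstdev(past), sigma_floor)
            z = (n - mu) / sigma
            if z > z_threshold:
                alerts.append((day, user, round(z, 1)))
        past.append(n)                     # today becomes part of the baseline
    return alerts


if __name__ == "__main__":
    print("threshold rule alerts:", threshold_rule(ACCESS_LOG))
    # five alerts, all on the triage analyst doing their job (false positives),
    # and none on the account manager's burst (a miss)
    print("baseline rule alerts: ", baseline_rule(ACCESS_LOG))
    # a single alert on the account manager on 2022-07-05
```

The threshold rule produces five alerts on the legitimate power user and misses the insider entirely, which is exactly the alert fatigue plus blind spot the paragraph above describes. The baseline rule needs a few days of history per user before it can judge anything, which is the usual trade-off with behavioral approaches: new accounts and new roles have no baseline yet.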

When looking for the insider threat “needle in a haystack” it is easy to get discouraged. Without a proper program in place, insider threat hunting slides down the list of priorities, leaving the organization at risk of data breaches, IP theft, and more. This is why we are here to help.

Where to Start

To get started detecting, containing, and remediating insider threats, check out our new Insider Threat knowledge hub. Learn more about what insider threats are, the risk they pose to your business, and how to protect against them by building your own insider threat program. Build your team, establish best practices, and ensure you have the right tools in place (such as ArcSight Intelligence) to give your organization a fighting chance against insider threats.

Learn from the Experts

Eager to learn more and our knowledge hub isn’t enough? Join us July 26th for our Insider Threat webinar hosted by the head of our threat hunting team, Paul Reid. Paul will be sharing real-life best practices for finding the threats from within. You’ll learn about:

  • Actual cases of insider threats
  • Approaches and techniques for uncovering such threats
  • Tools that support the approaches and techniques

More Info:

Join our Community | What is an Insider Threat? | What is Threat Hunting? | What is Artificial Intelligence?