| The National Infrastructure Advisory Council (NAIC) reports that "...preventing all insider threats is neither possible nor economically feasible..." because the threat is already behind perimeter defenses and often know exactly where vulnerabilities exist within organizations (Cline, 2016). The purpose of this research was to determine the prevalence of malicious and unintentional insider threats. Statistically, the numbers support the idea that insider threats are increasing and occurring more frequently. The true numbers, which only account for the incidents that were reported, may be higher than originally expected. The statistical numbers are likely to much higher because organizations fear reputational damage and client loss. Organizations give reasons such as not enough evidence for conviction or too hard to prove guilt. The result of the paper indicates that companies focus most of their resources on external threats and not the insider threat that is costlier to remediate and considered the most damaging of all threats. The research focuses on malicious and unintentional insider threats and how they are different. A 2018 Crowd Research Partners report found 90% of organizations believe they are vulnerable to insider attacks, while 53% of businesses confirmed they had experienced an insider threat in the past 12 months (Crowd Research Partners, 2017a). The insider threat is hard to manage because an organization not only need worry about their own employees they also must monitor and manage third-party vendors, partners, and contractors. However, with a combination of technical and nontechnical solutions, including an insider threat program, companies can detect, deter, prevent or at least reduce the impacts of insider threats. Abstract The National Infrastructure Advisory Council (NAIC) reports that "...preventing all insider threats is neither possible nor economically feasible..." because the threat is already behind perimeter defenses and often know exactly where vulnerabilities exist within organizations (Cline, 2016). The purpose of this research was to determine the prevalence of malicious and unintentional insider threats. Statistically, the numbers support the idea that insider threats are increasing and occurring more frequently. The true numbers, which only account for the incidents that were reported, may be higher than originally expected. The statistical numbers are likely to much higher because organizations fear reputational damage and client loss. Organizations give reasons such as not enough evidence for conviction or too hard to prove guilt. The result of the paper indicates that companies focus most of their resources on external threats and not the insider threat that is costlier to remediate and considered the most damaging of all threats. The research focuses on malicious and unintentional insider threats and how they are different. A 2018 Crowd Research Partners report found 90% of organizations believe they are vulnerable to insider attacks, while 53% of businesses confirmed they had experienced an insider threat in the past 12 months (Crowd Research Partners, 2017a). The insider threat is hard to manage because an organization not only need worry about their own employees they also must monitor and manage third-party vendors, partners, and contractors. However, with a combination of technical and nontechnical solutions, including an insider threat program, companies can detect, deter, prevent or at least reduce the impacts of insider threats. |
