Excessive Data Access Leads to More Insider Attacks—Here’s How To Reduce Your Company’s Risk

By Zach Capers


The attacks are coming from inside the business—we’ll explain what’s causing them and what you can do about it.

Insider attacks plague 71% of businesses, according to Capterra’s 2023 Insider Threats Survey*. Our research also finds that 79% say insider attacks, such as fraud, sabotage, and data theft, take longer to detect than outside attacks—a factor that magnifies the impact of insider attacks on your company’s finances, reputation, and competitiveness. 

Insider attacks can cost your company hundreds of thousands of dollars, so it’s essential that you be proactive about taking preventive measures to stop them. In this report, we’ll take a deep dive into our survey results, explore their implications, and offer tips to better protect your business against insidious insider attacks. 

Key survey findings

  • Companies that allow greater data access tend to experience more insider attacks.

  • Nearly four in five (79%) business leaders say insider attacks take longer to uncover than attacks from the outside. 

  • Among companies that report insider attacks, more than half (53%) experience data theft.

  • Insider fraud schemes cost companies $262,138 on average and typically take about five months to be uncovered.

Note: Insider threats result from either the malicious or negligent actions of employees, business partners, vendors, contractors, or others provided with access to your company’s data or systems. For the purposes of this report, we are focusing on insider attacks that are committed purposefully and maliciously rather than negligent insider incidents that are accidental or result from carelessness.

Higher rates of insider attacks are associated with higher rates of employee data access

Insider attacks arise from opportunities afforded by the insider’s specific role and the trust granted by the business to access company resources. This is why it's critically important that companies protect data and systems using the principle of least privilege. 

In other words, employees should only have access to data or systems needed to perform their tasks.

Unfortunately, our survey reveals that only 57% of companies limit data appropriately while the other 43% allow access either to more data than necessary (31%) or to all company data (12%).

When we take a closer look at the 57% of companies that only allow appropriate data access and compare them to the 43% that allow excessive data access, a clear distinction emerges. Companies that allow excessive data access report much higher rates of various insider attacks—companies that restrict data appropriately are twice as likely to avoid insider attacks altogether.

Graphic showing the likelihood of an insider attack according to data access.

Making matters worse, of the companies that experience insider attacks, one in three (34%) report the involvement of a highly-privileged network user or admin. So not only should data be restricted only to what employees need to do their job, highly-privileged users must also be scrutinized and the use of admin rights should be minimized.

Data theft is the most common type of insider attack

We asked 400 business leaders whether and what type of insider attacks have occurred at their company. Nearly two in five businesses (38%) have experienced data theft, by far the most common insider attack reported. These events are doubly concerning because, in many cases, they also constitute a data breach.

Graphic showing the most common types of insider attacks.

The second most common type of insider attack is asset misappropriation, reported by just less than a third (32%) of businesses. This type of attack includes any use of an entrusted position to misuse company assets for personal gain and includes an array of schemes from skimming money from a cash register to using company electricity to mine for bitcoin.

Third on our list at 30% is the disclosure of sensitive business data and trade secrets. This type of critical business information is valuable precisely because it is secret, making it a prime target for those looking to sell the information or damage the company’s competitiveness. A classic example of this type of attack occurred years ago when an engineer at Gillette became upset with his supervisor and, fearing loss of his job, sent highly classified plans for a then game-changing three-blade razor to chief competitor Schick[1].

Rounding out our results are reputation sabotage (27%), insider fraud (23%), and system sabotage (20%). Sabotage tends to be associated with disgruntled employees while fraud is conducted for personal enrichment—more on each next.

Disgruntled employees pose specific risks

Motivation to commit insider attacks is often born of need or greed—but in many cases it also stems from retribution. Amid a spate of layoffs in the tech industry and following the so-called Great Resignation that saw employees seeking better pay and benefits en masse, the potential for disgruntled employees must be taken more seriously than ever before.

Disgruntled employees are often seeking retribution for perceived wrongs committed by the company. This retribution manifests in actions such as system sabotage, publication of sensitive business data, and social media attacks. Of companies that have experienced insider attacks, four in five (80%) have been victimized by disgruntled employees—27% were victimized by current employees, 40% by former employees, and 13% by both. 

Perhaps more alarming, 36% of companies that report insider attacks say a former employee with active credentials was involved. This makes it abundantly clear that businesses must make stronger efforts during the employee offboarding process to collect equipment and deactivate user accounts to reduce attacks. 

Insider fraud incidents cost companies more than a quarter million dollars on average

While not the most common insider attack reported, internal fraud is perhaps the most insidious and definitely one of the most costly. According to our research, insider fraud incidents cost companies more than a quarter million dollars on average and take a little longer than five months (156 days) to be discovered. And because fraud is concealed by its very nature, it’s safe to assume these numbers are merely starting points.

Graphic showing the average cost of insider fraud incidents.

When we break out small businesses with 500 or fewer employees from large companies with more than 500 employees, the numbers change drastically. Small businesses average about $80k in financial impact per fraud incident while large companies average about $390k. This makes sense considering it’s easier to take a larger slice from a larger pie.

How should I protect my business against insider attacks?

The following are strategies that you can use to mitigate the insider threat to your business, most of which are simple to implement.

Employ the principle of least privilege

Employees should have access to all of the data they need to do their job, but as we’ve shown, allowing excessive data access leads to problems. Regularly audit who has access to what and adjust privileges and access settings accordingly, especially when employees change position. 

  • Use data classification to identify and protect sensitive information

  • Apply role-based authentication to simplify access control

  • Implement network segmentation to limit lateral movement

  • Minimize highly-privileged and admin accounts

Develop an anonymous tip program

The majority of investigations begin with a tip. That’s why the most effective strategy to identify insider attacks is to deploy an anonymous tip line or formal whistleblowing program. These programs are highly effective and cost little money or effort to get started.

Fortunately, 72% of the companies we surveyed have an anonymous reporting program, but that also means that more than one in four companies do not.

Practice separation of duties

To help prevent fraud and numerous other threats, it’s important to make sure no one person is responsible for critical processes or transactions. High-risk duties such as bookkeeping, asset distribution, or even pushing code into production should have safeguards and require approvals to make insider attacks more difficult to commit—and to cover up.

Ensure departing employees are properly offboarded

When parting ways with an employee, be sure to do all of the following: 

  • Conduct exit interviews (an opportunity to assuage a disgruntled employee).

  • Secure all company equipment (and wipe remotely if necessary).

  • Deactivate all network credentials including on-premise and cloud-based applications.

  • Close and archive all relevant accounts.
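
The access audit recommended under least privilege and the credential deactivation step above can be checked together by reconciling an HR roster against an account export. The following is an added example, not part of the survey or any Capterra tooling; the CSV column names, the sample rows, and the per-role baseline are all constructed assumptions.

```python
import csv, io
from datetime import date

# Constructed sample data (not from the survey): HR roster and account export.
HR_ROSTER = """employee_id,role,status,end_date
e100,accountant,active,
e101,engineer,active,
e102,engineer,terminated,2023-02-10
e103,sales,terminated,2023-03-01
"""
ACCOUNTS = """account,employee_id,system,enabled,entitlements
amy,e100,erp,true,ledger_read;ledger_write
bob,e101,cloud,true,repo_write;prod_admin
cat,e102,vpn,true,vpn_user
cat-saas,e102,crm,false,crm_read
dan,e103,crm,true,crm_read;crm_export
"""
# Hypothetical baseline: the entitlements each role needs for its tasks.
ROLE_BASELINE = {"accountant": {"ledger_read", "ledger_write"},
                 "engineer": {"repo_write", "vpn_user"},
                 "sales": {"crm_read"}}

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit(roster_csv, accounts_csv, baseline, today):
    """Return sorted (kind, account, detail) findings for enabled accounts."""
    roster = {r["employee_id"]: r for r in rows(roster_csv)}
    findings = []
    for acct in rows(accounts_csv):
        if acct["enabled"] != "true":
            continue  # already deactivated
        owner = roster.get(acct["employee_id"])
        if owner is None:  # no HR record: nobody is accountable for it
            findings.append(("unowned", acct["account"], acct["system"]))
        elif owner["status"] == "terminated":
            days = (today - date.fromisoformat(owner["end_date"])).days
            findings.append(("former_employee_active", acct["account"],
                             f"{acct['system']}: {days} days after exit"))
        else:  # current employee: compare grants with the role baseline
            extra = set(acct["entitlements"].split(";")) - baseline.get(owner["role"], set())
            if extra:
                findings.append(("excess_access", acct["account"], ",".join(sorted(extra))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(HR_ROSTER, ACCOUNTS, ROLE_BASELINE, date(2023, 3, 31)):
        print(*finding, sep=" | ")
```

Run on a schedule, a report like this surfaces former employees whose accounts are still enabled and current employees whose grants have drifted beyond their role, including admin rights.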

Use software to ease insider threat mitigation

Explore security tools such as data loss prevention software which can help to keep sensitive information secure and prevent unauthorized data transfers, or consider an endpoint protection platform that can secure devices while helping to restrict network access. 



Methodology

Capterra conducted the 2023 Insider Threats Survey in March 2023 among 400 respondents to learn more about insider threats at U.S. businesses. All respondents were screened for leadership positions within their company.




About the Author


Zach Capers is a senior analyst at Capterra, covering IT security, data privacy, and emerging technology trends. A former internal investigator for a Fortune 50 company and researcher for the Association of Certified Fraud Examiners (ACFE), his work has been featured in publications such as Forbes, Business Insider, and Journal of Accountancy.
