Five Workforce Trends That Intensify Insider Threats

August 17, 2023 Bryan Murphy

Five Workforce Trends That Intensify Insider Threats

Insider threats don’t often seem like threats at all. They look like colleagues working diligently at the office, logging on to the corporate network from Starbucks or providing a critical third-party service. But insider threats are a big problem that’s getting even bigger and costlier to tackle.

Insider threats

A 2022 Ponemon Institute study found that insider threat incidents surged by 44% in the two years analyzed, with impacted organizations spending $15.38 million annually on average to deal with the fallout. While hard numbers aren’t yet available for 2023, global risks and economic pressure are fueling five major workforce challenges that further intensify insider threats.

1. Workforce reductions. With any employee layoff or resignation comes the possibility that the person may take something they shouldn’t. According to the 2023 CyberArk Identity Security Threat Landscape Report, 58% of security professionals report instances of exiting users saving sensitive or confidential work documents outside of policy. In times of organizational turmoil, when concerns about layoffs might increase, these insider threats can worsen.

Consider this high-profile incident at a major beverage manufacturer: after learning of her upcoming layoff, an engineer exfiltrated documents containing trade secrets worth nearly $120 million in her final days as an employee. According to reports, she was one of just two people with access to the specifics of a top-secret chemical formula – the archetypal privileged user. The engineer was ultimately convicted and sentenced for her crime; however, the case highlights challenges many companies face in protecting intellectual property and other critical assets, especially during times of workforce change. Sixty-eight percent of security decision-makers expect layoffs and workforce churn to create new security issues in the next 12 months.

2. Shrinking third-party ecosystem. Cybersecurity risks due to belt-tightening extend to third-party vendors, such as contractors with insider access to sensitive information. If a third-party relationship ends and permissions aren’t promptly removed, the vendor could still access company assets or an external actor could hunt down these orphaned accounts and use them for malicious purposes.

Managing third-party access is a thorny challenge, no matter what’s happening in the world. In fact, surveyed security professionals say third parties – partners, consultants and service providers – represent the riskiest human identities.*

3. Rising “resenteeism.” As a July 2023 New York Times headline declared, “The ‘Great Resignation’ is over.” In this unstable economy, more employees are staying put. And a workplace buzzword is gaining traction to describe workers who aren’t thrilled about it – “resenteeism.” Whatever their grievances – from lack of job satisfaction to feeling undervalued or burned out – these workers tend to air them out in the open. Not only can resenteeism negatively affect workplace culture and productivity, but it can also increase malicious insider threat incidents.

Imagine an employee who’s experienced repeated promotion denials, feels undervalued and is growing increasingly resentful of their employer. “Getting even” might involve stealing or leaking sensitive data – or even advertising their ability to undermine their organization’s security, as security researchers recently observed. In a time when 63%*of organizations have not adequately secured the highest sensitivity access for their employees, there’s a chance the “resenteeist” could get away with it.

4. Personal financial hardship. The 2023 Verizon DBIR suggests that inflation and the soaring cost of living may be fueling more financially motivated insider threats. According to the report, privilege misuse – defined as “employees abusing the access they have been given to do their jobs,” and the leading cause of non-accidental internal actor breaches – is more often paired with fraudulent transactions than in the past several years. This could look like a financial comptroller – a privileged identity with access to systems where bank accounts and routing information are stored – making an unauthorized transfer into their own personal account.

DBIR authors write, “Seeing internal actors increasingly just redirect funds is especially concerning, considering it may be someone in a position to siphon significant resources away from the organization.”

5. Stress-driven slip-ups. Workforce reductions and churn have a profound impact on remaining employees. Many are expected to shoulder additional work, which can negatively impact stress levels. And stress goes hand in hand with mistakes.

Susceptibility to phishing and other social engineering attacks is already sky-high. Recent assessments by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) found that within the first 10 minutes of receiving a malicious email, 84% of employees took the bait by replying with sensitive information or interacting with a spoofed link or attachment. Overworked and overstressed employees could make it even easier for phishing attackers to “hook” credentials. And since 50%* of workforce identities have access to sensitive corporate data, their odds of reeling in a prize-winning catch are good.

As insider threats loom large, who can you trust?

That’s a trick question. Eighty-four percent of organizations experienced an identity-related breach in the past year* – further proof that trust has no place in cybersecurity.

By eliminating trust, any threat’s origin – inside, outside, anywhere – becomes less relevant. And without daunting labels, complicated threat categories or patchwork protections, security gets a lot simpler.

That’s the promise of identity security: powerful and continuous protection wrapped around every identity, grounded in Zero Trust and least privilege. With full visibility and control, organizations can quickly spot access misuse or abuse and other high-risk activities. Empowered, they can block and prevent threats from reaching critical assets and safeguard their infrastructure, devices and people – wherever they go.


*Source: 2023 CyberArk Identity Security Threat Landscape Report

Bryan Murphy is senior director of Architecture Services & Incident Response at CyberArk.

Previous Article
PAM and Cloud Security: The Case for Zero Standing Privileges
PAM and Cloud Security: The Case for Zero Standing Privileges

The cloud has introduced entirely new environments, roles and circumstances that require us to reimagine th...

Next Article
Buyer’s Guide: What to Look for in an Identity Security Platform
Buyer’s Guide: What to Look for in an Identity Security Platform

A buyer’s guide for finding an identity security platform to reduce risk and enable efficiency.