Amid the turmoil and confusion surrounding the COVID-19 pandemic, companies were forced to hastily implement solutions that could allow employees to shift to telework overnight, creating extensive opportunities for bad actors and insider threats to flourish.
The 2020 Cost of Insider Threats Global Report study from Ponemon Institute reveals a worrying trend in the rise of insider threats that could cripple organizations’ infrastructures. In just two years, the number of insider threats has increased 47%, from 3,200 in 2018 to 4,716 in 2020. At the same time, the cost of these incidents has surged 31%, from $8.76 million in 2018 to $11.45 million in 2020.
While careless or negligent employees make for 62% of incidents, costing organizations an average of $307,111 per incident, malicious insiders or credential thieves bare a higher price tag of $871,686 per incident. The cost per incident is also influenced by organization size and operating industry.
The report shows that, “the fastest-growing industries for insider threat were Retail (38.2% two-year increase) and Financial Services (20.3% two-year increase).”
Investigation and containment of such incidents play an important role in the aftermath. On average, it takes a company 77 days to contain each insider threat incident, and only 13% of the analyzed security incidents were contained in less than 30 days.
Amid recent cyber events and organizational redundancies brought by the deviation from normal work conditions, companies are struggling to seal off security gaps while also dealing with the variety of COVID-19 threats spreading like wild fire.
Reckless employee behavior stemming from reduced vigilance of organizations can allow any existing malicious insiders to further exploit their administrative privileges to disrupt operations and even paralyze the business. Even when security training and awareness programs are enacted, the likelihood of workers accessing and sharing confidential information insecurely has increased sevenfold.
On April 16, The U.S Department of Justice arrested a former employee of a Georgia-based medical supplies company after allegedly sabotaging the shipment of protective equipment to healthcare facilities. Just 3 days after the termination of his contract, the individual, who had administrative access to the organizations’ network, logged in using a fake user account. Not only did he manage to disable the shipping system, he also edited and deleted thousands of company records. The company estimated the monetary losses exceeded $5000, and, according to DOJ court documents, “the computer intrusions caused potential modification or impairment of the medical examination, diagnosis, treatment or care of at least one person and a threat to public health and safety by delaying shipments of PPE."