Insider attacks such as fraud, sabotage, and data theft plague 71% of U.S. businesses, according to Capterra.
These schemes can cost companies hundreds of thousands of dollars and the vast majority of businesses (79%) say they take longer to uncover than external threats.
Companies must limit data access
According to Capterra’s research, companies that allow excessive data access are much more likely to report insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.
Also alarming, of the companies that have experienced insider attacks, one in three (34%) report that the scheme involved an employee with privileged access.
“Businesses that restrict data appropriately are twice as likely to avoid insider attacks,” says Zach Capers, senior security analyst at Capterra. “That’s why it’s critical to employ the principle of least privilege, restricting data only to what employees need to do their job. Highly-privileged users must also be scrutinized and the use of admin rights should be minimized.”
Insider fraud schemes are especially financially devastating
Data theft is the most common type of insider attack, reported by 38% of businesses. This is concerning because, in many cases, these incidents also constitute a data breach.
The second and third most common types of insider attacks are the misappropriation of assets (32%) and disclosure of trade secrets (30%), respectively.
While not the most common type of attack, insider fraud schemes are especially financially devastating—costing businesses nearly a quarter of a million dollars, averaging $262,138.
These types of attacks also typically take businesses five months to uncover. Since fraud is concealed by its very nature, it’s suspected that these averages are even higher than officially reported.
Insider attacks can damage business competitiveness
Motivation to commit insider attacks is often borne from need or greed—but in most cases it also stems from disgruntled employees seeking retribution. Of companies that have experienced insider attacks, four in five (80%) have been victimized by disgruntled employees.
Amid a spate of layoffs in the tech industry and following the so-called Great Resignation during which employees sought better pay and benefits en masse, the potential for disgruntled employees must be taken more seriously than ever before.
Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.