Insider Threats - the myth of the black swan

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 30, 2014 9:00:00 AM

Insider Threats - the myth of the black swan While the reported $40 billion of insider threat losses for the US economy seem scary, many companies consider insider threats to be more like a ‘black swan’ event – highly visible, but extremely rare, abstract, and too hard-to-predict in order for it to constitute a real threat. But it is the gray areas companies should be wary of.

In previous posts of this series, we described how companies are affected by malicious insider incidents, and what impact and cost these incidents might cause. Most think of highly publicized whistleblower cases such as Edward Snowden and Bradley Manning. Overall, these seem like natural disasters (e.g., earth quakes), you can take some precautions, but then you just hope it will not happen to you … and if it does, it will be disastrous (and you just have to accept it).

In addition, I often hear arguments from small and medium sized companies that they do not feel exposed to the insider threat because:

  • The insider threat is considered to be more a problem for government agencies, and most often their top-secret activities.
  • Their company assets that could be stolen are of limited size and value, so a large-scale theft and leak is less likely to happen. And if it does, it will not have that big of an impact.
  • They know their employees well and have basic security measures in place to further reduce any remaining risks.

These arguments are backed by recent numbers of the average financial impact of insider threat cases for US companies. Only 3 percent of companies report the cost for an insider threat case to be over $1 million or more, and 70 percent of financial losses are estimated to be less than $50,000 per case. If the majority of cases are rather inexpensive to most companies, and the huge ones are rare and unpredictable, should we really care and act upon the insider threat inside companies?

Beware of the gray area

Topics: Insider Threats

Subscribe to the Vectra Blog

Recent Posts

Posts by Topic

Follow us