As ransomware attacks rise, insiders remain biggest threat to your company

    This content was originally published on

    Ransomware attacks are indeed on the rise, but what people fail to realize is that the largest threat to businesses lies in insiders maliciously stealing company information. These insiders, who have privileged access to the network – including employees, clients, vendors, and management – pose a significant risk. Unlike employees who make accidental mistakes, such as negligently clicking on phishing schemes, these individuals intentionally exploit their legitimate access to gain unauthorized access, steal sensitive data, or harm the organization in some other way.

    Insider threats: On the rise, costly, and sneaky

    Studies have shown how much of a threat insiders with malicious intent can be to businesses. According to a report by Proofpoint, insider threats accounted for $15.38 million in average costs, affecting 34% of businesses annually. Malicious insiders have an advantage because they are familiar with the organization's systems and processes, making it easier for them to navigate through security measures undetected. In addition, IT security often cannot distinguish their nefarious activities from legitimate work activities. Even the U.S. government, with all its levels of security and screening, has shown how challenging it can be to protect classified information from inside threats. Some of the most significant leaks have come from insiders such as Edward Snowden.

    There is also a popular misconception that insider threats have to come from people high up in the company, but statistically, that isn’t always the case. Approximately 61% of internal actors are not in positions with a high level of access or stature. Going back to our U.S. government example, Edward Snowden was a contractor for the National Security Agency (NSA) and showed that anybody who possesses knowledge and access based on their role within the organization can steal classified information. Given that the U.S. government, with all its security infrastructure, can struggle to protect its sensitive information, how can corporations hope to do better? Here are a few tips on how to protect yourself and your organization:

    1. Define Proprietary Information Clearly

    “To protect against insider threats, organizations should consider implementing various measures, starting with clear clauses and agreements that define intellectual property and ensure that employees understand that the work they produce belongs to the company,” David Sun said. David is the National Practice Leader for Cyber Incident Response and Forensics at CohnReznick LLP. This education is crucial in dispelling the notion that employees can take company-owned materials, such as contact lists or internal documents, with them when they leave. By educating employees about ownership and setting clear expectations, organizations can prevent misunderstandings regarding intellectual property.

    2. Technical Tools: Limit Access

    Technical controls also play a vital role in preventing insider threats. “Companies should consider tightly controlling USB storage functionality on computers to prevent employees from easily copying large amounts of data onto portable devices. In addition, access controls should be implemented, ensuring that employees only have access to the information necessary for their specific job roles,” said Sun. By limiting access to sensitive data and implementing need-to-know basis controls, companies can minimize the risk of unauthorized data extraction. In other words, only the necessary parties should have access to sensitive information.

    3. Monitor Computer Activities Closely

    Proactively monitoring and highlighting high-risk employees may involve tools that collect screenshots, log keystrokes, record file downloads and copies, and monitor email activities. By closely monitoring the activities of high-risk individuals, organizations can detect any unusual or unauthorized behaviors and take prompt action to prevent data breaches or leaks. Organizations need a multi-faceted approach to their cybersecurity needs, including insider threats, to combat this issue.

    4. Solid Employee Departure Process

    Without effective measures in place, companies are at risk of losing money, clients, and data. The reality is that there is generally a lot of sympathy when a company is a victim of a ransomware attack, and oftentimes ransomware threats are over quickly. With insider threats, the damage can be more far-reaching and crippling to a company.

    “To combat the impact of insider threats, companies should have a key employee departure process which includes proactive forensic preservation and analysis to identify any suspicious activity before damage has been done to the organization,” warned Sun. While preventive measures are important, if a company is attacked, it needs to react before it is too late.
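
One way to turn the file-copy monitoring from tip 3 into a review queue for the departure process in tip 4, as an added example that is not from the article or from CohnReznick. The event fields, destination labels, thresholds and user names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from statistics import median

MIB = 1024 * 1024
EXTERNAL = {"usb", "personal_cloud", "webmail"}  # assumed destination labels
FLOOR = 50 * MIB  # never alert on days below this volume

# Constructed sample events (not real logs): (day, user, destination, bytes).
EVENTS = [
    ("2024-03-01", "alice", "usb", 5 * MIB),
    ("2024-03-04", "alice", "usb", 8 * MIB),
    ("2024-03-05", "alice", "usb", 6 * MIB),
    ("2024-03-06", "alice", "usb", 900 * MIB),
    ("2024-03-01", "bob", "personal_cloud", 20 * MIB),
    ("2024-03-04", "bob", "personal_cloud", 25 * MIB),
    ("2024-03-05", "bob", "usb", 70 * MIB),
    ("2024-03-05", "bob", "webmail", 50 * MIB),
    ("2024-03-05", "carol", "file_server", 2000 * MIB),  # internal, ignored
    ("2024-03-06", "carol", "usb", 30 * MIB),
]
WATCHLIST = {"bob"}  # hypothetical: users in the departure process

def daily_external_volume(events):
    """Sum bytes per (user, day) for copies that leave managed storage."""
    totals = defaultdict(int)
    for day, user, dest, nbytes in events:
        if dest in EXTERNAL:
            totals[(user, day)] += nbytes
    return dict(totals)

def flag_anomalies(events, watchlist, normal_factor=10, watch_factor=3):
    """Return (user, day, bytes, reason) for days far above the user's baseline."""
    per_user = defaultdict(dict)
    for (user, day), nbytes in daily_external_volume(events).items():
        per_user[user][day] = nbytes
    alerts = []
    for user, days in per_user.items():
        watched = user in watchlist
        factor = watch_factor if watched else normal_factor
        for day, nbytes in days.items():
            # Baseline: median of this user's earlier active days (ISO dates sort as text).
            history = [v for d, v in days.items() if d < day]
            threshold = max(FLOOR, factor * (median(history) if history else 0))
            if nbytes > threshold:
                alerts.append((user, day, nbytes, "watchlist" if watched else "volume"))
    return sorted(alerts, key=lambda a: (a[1], a[0]))

if __name__ == "__main__":
    for alert in flag_anomalies(EVENTS, WATCHLIST):
        print(alert)
```

Comparing each user against their own history, with a tighter multiplier for watchlisted users, surfaces the 120 MiB day for the departing user that the general threshold would let through.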

    For businesses, the real threat may lie closer to home – and thankfully, taking preventative measures can prevent the damage these insider threats can unfortunately cause.



    David Sun

    Principal, Cybersecurity


    This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. Neither CohnReznick LLP or its personnel provide legal advice to third parties. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its members, employees, and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.