Insiders are responsible for more than 60% of security breaches, according to a recent study conducted by analyst firm IDC.
From deliberately stealing or destroying sensitive corporate data to falling victim to hackers, damage created by insiders can be costly, explains Bateleur Software.
And, the company says, in response to this, organisations around the world are placing a greater focus on finding solutions to safeguard against insider threat that go beyond perimeter protection.
Leon Bouwer, product manager of Bateleur Software, says the growing awareness of the insider threat and the recognition that security breaches by internal, trusted users are at least as risky as malicious outsiders are pushing organisations to take action.
"For years, organisations have been focusing their information security efforts on protecting themselves against external threats posed by growing exposure to the Internet. Deploying an expanding array of solutions such as firewall, anti-virus, anti-spam, intrusion detection and prevention, and anti-spyware, most organisations have built solid walls to protect their perimeters," he says.
"Today, many of them are realising that these defences will not necessarily help them deal with a different type of threat, which can no longer be seen as less risky - the insider threat."
Dealing with the insider threat has become more challenging in recent years as organisations now provide internal network access to a broader scope of users, including remote employees, partners, customers, subcontractors and consultants, the company explains.
Bateleur Software says because these sources are trusted, they are permitted access to sensitive corporate information. In this situation, it says, organisations become increasingly exposed to insider threats such as resource misuse, privacy violations, destruction of critical data, proprietary information loss, fraud and planting of logic bombs.
Leaving a trace
One emerging approach is application-level user behaviour tracking, which allows organisations to detect fraud and other misconduct by insiders by tracking user activities in corporate business applications.
This approach enables the tracking of authorised user access to corporate data that normally does not leave any traces, such as queries and other read-only actions that can be misused for personal gain - for example, selling sensitive customer information, Bateleur says.
By proactively detecting suspicious behaviour at the application level, instant alerts can be generated, and immediate action can be triggered to suspend the suspected user until further investigation is made, the company concludes.
Related story:
Internal corporate threats sniffed out
Share