Insider Threats –
Security risks from internal and external employees

No cyberattack is possible without first breaching the network perimeter. Therefore, the obvious choice is to use regular login credentials for this purpose. An option for internal but also external persons, who first steal or obtain these data.

The insider threat is omnipresent and more than precarious

One of the most common sources of cyberattacks is the insider threat. It comes from internal and external employees such as contractors or suppliers and can be both unintentional and intentional. The constant danger is that regular, stolen or obtained credentials are misused to damage the corporate network or to siphon off information.

The fact that insiders – unlike hackers – are usually familiar with the organization’s security policies, procedures and vulnerabilities, makes the insider threat all the more precarious.

Data risk
57 %

More than half of data breaches and data thefts within an organization result from insider threats.

Containment time
72 days

On average, it takes two and a half months to contain an insider threat.

Negligence 2 of 3

Two out of three insider threats are due to negligence or non-compliance with security policies.

Lack of trust
94.3 %

Almost all executives have low to medium confidence in their third-party risk management tools.

Firewalls, IDS/IPS, Endpoint Protection do not provide protection

Security measures such as firewalls, IDS/IPS (intrusion detection and prevention system) and endpoint protection are not effective against insider threats: these measures rely on attackers breaching your systems from the outside and being detected. Your employees, however, operate within your network. Cybersense Deception recognizes them as a threat as soon as they move outside their usual scope of activity – whether intentionally or unintentionally. And because we know which Breadcrumbs have been used, we can often identify the culprits.

Create a security net against insider threats and be alerted as soon as employees – intentionally or unintentionally – move beyond their usual scope of activity.

Discover Cybersense Deception now!

Unintentional Insider Threats
Mistakes happen – despite all (security) training


A typical scenario: employees receive phishing messages from apparently familiar senders, which contain a malicious file attachment or link to a prepared website. The aim of the attack is to install malware on the employees' computers or to elicit personal (access) data from the victims on the fake website. Or employees use accounts with extended rights but do not log out, thus facilitating unauthorised access to confidential data. No matter how much security training you provide your employees, mistakes happen.


Correct configuration of the IT and security infrastructure is a challenge for every organization: systems often have to be integrated or removed, firewall rules are changed during troubleshooting without proper change management or inherited rights are assigned to group members or users who do not need them at all. Likewise, internal dangers result from misconfigured network devices that allow unauthorized data traffic across network perimeters, or from cloud permissions that allow public access to private data.

Intentional Insider Threats
When employees act intentionally or criminals use vulnerable networks of affiliated companies

Abuse of rights by (ex) employees

In principle, an insider threat can be posed by any person who has access to data, servers or systems. For example, if they feel they have been treated unfairly and, as a result, seek to harm their employer or client by stealing data or compromising systems. In addition, employees can also be recruited by criminals to obtain data or carry out corporate espionage.

Mergers and acquisitions

Companies involved in mergers and acquisitions (M&A) must validate the security infrastructure of the acquired company before connecting it to their network. This validation requires security audits, configuration checks and other activities. It is not uncommon for attackers to target companies directly after their acquisition has been announced: they gain access to sensitive data to exploit after the network merger.

Island Hopping

Attackers use this technique to target companies with highly secure infrastructures via connected third parties. In other words, they attack their primary target indirectly, for example via less protected workers who are employed in personnel companies, payroll service providers or marketing companies. Once the criminals have hacked a partner company, it is much easier for them to obtain sensitive data belonging to the target company through phishing or stolen access data, etc.

Do you have any questions? Would you like a demo?
We look forward to hearing from you.

Your contact partner
Sebastian Struwe

Contact us now