
Avalon Cybersecurity Poll Recap: A Deeper Dive into Insider Threats


Earlier this month, Avalon Cyber posted a poll on LinkedIn asking, “What cybersecurity threat keeps you up at night?” The choices were: external threat (for example, ransomware), internal threat (i.e., IP theft), or the birth of GenAI.

82% of respondents were most worried about external threats and 18% were concerned with GenAI; however, and somewhat surprisingly to our consultants, none of the respondents chose internal threats as a major concern.

While external threats and artificial intelligence development and use are definitely areas that should be on a company’s (and its security team’s) radar, insider threats must not be ignored.

Here are a few stats to prove their significance:

  • According to IBM’s Cost of a Data Breach Report 2023, data breaches initiated by malicious insiders were the most costly, around $4.90 million on average or 9.5% higher than the $4.45 million cost of the average data breach.
  • The Verizon 2023 Data Breach Investigations Report revealed that while the average external threat compromises about 200 million records, incidents involving an inside threat actor have resulted in the exposure of 1 billion records or more.

A recent article from CSO Online reminds us of the insider threat aspect and the related management of insider risk. It states that “Chief information security officers (CISOs) focus predominantly on technologies: user entity behavior analytics (UEBA), security information and event management (SIEM), data loss prevention, and the like. There isn’t as much emphasis on stepping outside the view of their colleagues as streams of user data, to instead see them as people with complex lives and various pressures placed upon them.”

While this article explores a variety of insider risks, opportunities, and ways to help avoid such incidents from a CISO’s standpoint, everyone should heed its advice, in particular to watch for employees who exhibit signs of dissatisfaction surrounding things like compensation, benefits, opportunities for promotion, and performance feedback. The article also mentions that Pew Research has found that more interaction between workers and managers, and more feedback given, equate to greater job satisfaction; i.e., such an employee presents a much lower risk of dissatisfaction and, therefore, of becoming a threat.

Making employees happy is an excellent way to ensure your organization thrives, and hopefully, your company does all it can to show appreciation and concern for your most important asset: your people. But, as we all know, you can’t please everyone. So, how do you know if there’s nefarious activity happening within your company’s environment?

Signs of insider threats include:

  • Massive downloading of corporate data
  • Creating backdoor accounts
  • Changing all passwords
  • Sending sensitive data to an outside email address
  • Disabling system logs
  • Accessing other employees’ systems
  • Installing unauthorized software

If you witness any of these indicators of IT sabotage or data theft, you need to take immediate action by reporting it to a manager or supervisor. If you see something, say something.

How to prevent insider attacks

Here are a few best practices to implement to keep your company’s data safe from insider threats:

  • Cybersecurity policies: Having rules helps secure your data – and helps you take action – if someone has gone against policy. Educate your employees, vendors, and other stakeholders on the procedures (and consequences) surrounding data misuse, what to do if there’s a security incident, etc.
  • Access management: Employees should only have access privileges for the data they need on a daily basis.
  • Passwords and MFA: Enforce complex password practices and utilize multi-factor authentication for all employees.
  • Logging and auditing: Routinely review log and audit trails to check for anomalies, which could indicate insider threats.
  • Vulnerability assessments & penetration tests: Validate security measures and identify weaknesses so they can be fixed or monitored before they can be exploited. Vulnerability scanning should be performed at least monthly and penetration testing, both internal and external, should be performed at least annually.
  • Data protection: Encrypt sensitive data and prevent its exfiltration with data loss prevention tools and procedures.
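
As an added illustration of the logging and auditing practice (not code from Avalon Cyber), the sketch below reviews a batch of audit events for several of the signs listed earlier. The event schema, the corporate domain, and the download threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed audit events for one review window. The schema is hypothetical;
# map the fields to whatever your file, mail and directory logs provide.
SAMPLE_EVENTS = [
    {"user": "asmith", "action": "file_download", "bytes": 40_000_000},
    {"user": "bjones", "action": "file_download", "bytes": 900_000_000},
    {"user": "bjones", "action": "file_download", "bytes": 700_000_000},
    {"user": "bjones", "action": "email_send",
     "recipient": "bj@mail.example.net", "sensitive": True},
    {"user": "asmith", "action": "email_send",
     "recipient": "legal@corp.example.com", "sensitive": True},
    {"user": "cdoe", "action": "account_create",
     "new_account": "svc-backup2", "ticket": None},
    {"user": "cdoe", "action": "audit_log_disable", "host": "fs01"},
    {"user": "cdoe", "action": "login", "host": "ws-asmith", "host_owner": "asmith"},
]

CORP_DOMAIN = "corp.example.com"  # assumption: the organization's mail domain
BULK_BYTES = 1_000_000_000        # assumption: per-user download ceiling per window

def review(events, corp_domain=CORP_DOMAIN, bulk_bytes=BULK_BYTES):
    """Return sorted (user, indicator) pairs for events matching the listed signs."""
    findings = set()
    downloaded = defaultdict(int)
    for e in events:
        user, action = e["user"], e["action"]
        if action == "file_download":
            downloaded[user] += e.get("bytes", 0)  # judged on the total, not per file
        elif action == "email_send" and e.get("sensitive"):
            domain = e["recipient"].rsplit("@", 1)[-1].lower()
            if domain != corp_domain:
                findings.add((user, "sensitive data sent to outside address"))
        elif action == "account_create" and not e.get("ticket"):
            findings.add((user, "account created without change ticket"))
        elif action == "audit_log_disable":
            findings.add((user, "system logging disabled"))
        elif action == "login" and e.get("host_owner") not in (None, user):
            findings.add((user, "accessed another employee's system"))
    for user, total in downloaded.items():
        if total >= bulk_bytes:
            findings.add((user, "bulk download of corporate data"))
    return sorted(findings)

if __name__ == "__main__":
    for user, indicator in review(SAMPLE_EVENTS):
        print(f"{user}: {indicator}")
```

A fixed byte threshold is the simplest possible rule; comparing each user against their own historical volume reduces false positives for roles that legitimately move large files.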

Your organization must be prepared to identify both data-driven and human signals of potential concern, and we hope this article has provided some helpful information. If you have questions or concerns about insider threats, contact our team of battle-tested experts today.

