Examples of unintentional acts that can result in
                   data breaches include:                            Cost of Insider Related Incidents
                                                                     Reported Over a 12-Month Period
                   Accidental disclosure – An insider unintentionally
                   or erroneously publishes or mishandles sensitive     Total number of insider
                   information,  or  sends  it  to  the  wrong  party  via   incidents: 3,269.
                   email, fax, mail, or social media posting.          Total average cost: $8.76 million.
                                                                       Incidents relating to
                   Phishing/social  engineering  –  An  outsider’s
                                                                         negligence: 64%.
                   electronic  entry  is  acquired  through  social
                                                                       Incidents relating to criminal
                   engineering (e.g. phishing email attack, planted or
                                                                         insider: 23%.
                   unauthorized  USB  drive)  to  acquire  an  insider’s
                   credentials or to plan malware to gain access.      Incidents relating to user
                                                                         credential theft: 13%.
                   Unauthorized  access  to  physical  records  –  Lost,   Source: Research: Ponemon Institute©, and
                   discarded, or stolen nonelectronic records, such as   Sponsorship: ObserveIT, 2018 Cost of Insider
                   paper documents, are accessed by unauthorized or   Threats: Global, April 2018.
                   malicious users.

                   Unauthorized  access  to  portable  equipment  –
                   Lost, discarded, or stolen data storage devices, such as a laptop, smartphone, portable memory
                   device, CD, hard drive, or data tape are accessed by unauthorized or malicious users.



                   Anatomy of an Insider Threat

                   To build the profile of an insider threat, it is important to consider multiple factors (dimensions)
                   such as who represents the threat, what assets can be targeted, the motivation for the attack, and
                   the potential effects on the organization.

                   Threat Source or Actor

                   Insider  threats  are  not  necessarily  hackers  or  cybercrime  experts,  which  makes  the  task  of
                   identifying  them  difficult.  Insiders  by  definition  are  individuals  or  entities  that  have  or  had
                   authorized access to the organization’s information and information systems (physical or logical).
                   Common threat actors that should  be  considered  when  building  insider threat profiles or risk
                   scenarios include:

                         Current or former employees.

                         Full-time or part-time employees.
                         Temporary employees or contractors.
                         Trusted business partners.






                         www.theiia.org                                      Auditing Insider Threat Programs   6