Insider Threat Assessment

What about the Insider Threat?

Malware, social engineering and phishing continue to be the primary vectors of compromise year after year.

Three categories of insider threats


Threat actors who have stolen a legitimate employee's credentials pose as authorized users, utilizing their accounts to exfiltrate sensitive data. Employees often don't know they have been compromised.


Employees without the proper security awareness training can inadvertently misuse or expose confidential data, often as a result of social engineering, lost/stolen devices or incorrectly sent emails/files.


Bad actors-such as current or former employees, third parties or partners-use their privileged access to steal intellectual property or company data for fraud, sabotage, espionage, revenge or blackmail.

Insider threats cause the most damage to an organization’s security.

  • $700 +

    Average cost

    Average cost of insider incidents

  • 50%

    Data breaches

    According to McKinsey, 50% of data breaches in 2017 were caused by insiders.

  • 77%

    Caused by unwitting employees

    77% of these breaches caused by unwitting employees

What options we have when dealing with insider threats?

  • Hiring Practices – Before hiring, get a good understanding of an applicant’ personality through social media.
  • Policies and Procedures – Policies and procedures must be reviewed, updated regularly and enforce d to be effective.
  • Training- Many organizations provide some type of training as well.
  • Culture – If employees are treated as valuable, they are much less likely to take care of the organization.
  • Automation- Good networking tools could give us clues as to whether anomalies seen on the network are actually insider actions.

Whether you need to build insider threat program from scratch or fine-tune existing one, Cetark’s team of cyber professionals can provide you with a tailored insider threat recommendation report that shows your company’s benchmarked against industry standards and best practices.