Best practices for cyber risk prevention, the human factor.

by Fernando Mateus

Standard Cybersecurity Programs Overlook Insider Risk

Standard cybersecurity programs often fail to address a significant part of the risk generated by employees. Current tools are insufficient, and to obtain better results, a new approach is necessary.

We are all part of the insider threat: company employees, subcontracted personnel, and suppliers. Insider risk is one of the biggest unresolved problems in cybersecurity, present in 60% of incidents reported in recent studies.

Understanding the Threat

Organizations sometimes struggle to clearly define the concept of insider threat. Here, it refers to cyber risks posed by the behavior of employees (including subcontractors). Notable incidents in recent years have often involved third parties.

Insider Risk Groups (IRG)

  • Malicious insiders: Seek to benefit at the company’s expense or directly harm it — theft, fraud, public exposure of confidential information, sabotage.
  • Negligent insiders: Create vulnerabilities or cooperate inadvertently due to mistakes, poor training, or carelessness.

Insider incidents often develop gradually over months or years, with warning signs appearing well before the event. Detecting these signals early is essential.

The Dimensions of the Problem

  • 60% of cybersecurity incidents have a substantial insider component.
  • More than half of breaches involving privileged information result from negligence or unintentional collaboration.
  • Insider breaches can cause substantial financial damage — from hundreds of thousands to hundreds of millions of dollars.

Most affected sectors:

  • Financial services
  • Telecommunications
  • Technology services
  • Healthcare
  • Government

Problems with Current Approaches

Most companies rely on User and Entity Behavior Analytics (UEBA) to detect anomalies. However:

  1. Detection often occurs after the incident.
  2. A high number of false positives wastes resources.
  3. Risk behaviors can become part of the “normal” baseline and go unnoticed.
  4. Massive data collection raises privacy and cultural issues.

Overly aggressive monitoring can also harm trust and morale, especially outside high-security contexts like defense or critical infrastructure.

A Better Preventive Approach: Three Pillars

1. Micro-Segmentation

Identify “hot spots” by role, access, and potential impact, then tailor interventions. This allows:

  • Clear understanding of risk per group.
  • Specific remediation actions.
  • Group-level monitoring that protects individual privacy.

Example: In a pharmaceutical company, IAM and HR data can highlight R&D units with the highest exposure. Targeted retention and engagement programs can mitigate risks like disgruntlement or disengagement.
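One way to rank hot spots at group level while withholding small groups, as an added example that is not from the original article. The segment names, the exposure score (access multiplied by impact), the minimum group size, and all sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows joining IAM and HR data (all values are made up):
# (segment, sensitive systems reachable, impact estimate on a 1-5 scale)
RECORDS = [
    ("R&D scientists", 6, 5),
    ("R&D scientists", 5, 5),
    ("R&D scientists", 5, 4),
    ("Finance analysts", 3, 4),
    ("Finance analysts", 2, 3),
    ("Finance analysts", 3, 5),
    ("Marketing staff", 1, 2),
    ("Marketing staff", 2, 2),
    ("Marketing staff", 1, 1),
    ("Marketing staff", 3, 1),
    ("Legal counsel", 4, 5),
    ("Legal counsel", 2, 3),
]

# Assumption: segments smaller than this are withheld from the report, so a
# group-level figure can never be traced back to one or two individuals.
MIN_GROUP_SIZE = 3


def hot_spots(records, min_group_size=MIN_GROUP_SIZE):
    """Rank segments by mean exposure; return (ranked, withheld_segments)."""
    groups = defaultdict(list)
    for segment, access, impact in records:
        # Hypothetical exposure score: breadth of access times potential impact.
        groups[segment].append(access * impact)

    ranked, withheld = [], []
    for segment, scores in groups.items():
        if len(scores) < min_group_size:
            withheld.append(segment)  # too small to report without exposing people
        else:
            ranked.append((segment, sum(scores) / len(scores), len(scores)))

    # Highest mean exposure first: these are the segments to target first.
    ranked.sort(key=lambda g: g[1], reverse=True)
    return ranked, sorted(withheld)


if __name__ == "__main__":
    ranked, withheld = hot_spots(RECORDS)
    for segment, exposure, headcount in ranked:
        print(f"{segment:<18} exposure={exposure:5.1f} headcount={headcount}")
    print("withheld (group too small):", ", ".join(withheld))
```

Only per-segment averages and headcounts leave the function, which is what keeps the monitoring at group level rather than per employee.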

2. Cultural Change

Address the underlying attitudes and beliefs that contribute to risk.

  • Go beyond basic training — reinforce cyber-hygiene through leadership involvement and targeted communications.
  • Identify and address drivers such as financial stress, lack of promotion, or poor management.

3. Prediction

Use predictive analytics to identify individuals or groups at risk early in the threat lifecycle.

  • Monitor specific risk markers, not just behavioral deviations.
  • Intervene before incidents occur, working collaboratively with employees to strengthen their security posture.

Conclusion

The insider threat is one of the largest problems in cybersecurity, representing a massive share of attacks and financial damage. While monitoring technologies are valuable, their impact grows significantly when combined with:

  • Micro-segmentation
  • Cultural change
  • Predictive analysis


More information about the author: Fernando Mateus