Today’s security solutions need to do more than just “let the good guys in and keep the bad guys out.” That’s because an increasing number of security breaches are the result of actions by insiders, whether malicious or inadvertent. When employees share passwords or lose corporate data—or third parties put information at risk with inadequate safeguards—even the “good guys” can pose a security risk.

An IBM® X-Force® report found that insiders were responsible for 60% of attacks surveyed in 2015, compared with 55% in 2014. Of those, 23.5% were inadvertent actors. 1

60% of all attacks were carried out by insiders

page2_60% Insider Attack

Often unwittingly “recruited” to aid the cause of others with malicious intent, insiders are becoming key players in carrying out highly damaging—and potentially prolonged—attacks. And because they’re insiders, they manage to do so without arousing any suspicion, by logging onto a social media site from a corporate network-attached device or opening an email attachment sent by a legitimate-looking business contact.

Then there are the malicious insiders making up the remaining 31.5%, whose actions are not at all innocent. These insiders are especially dangerous, because they know they have access to valuable information—the loss of which can inflict great damage to the organization. This malicious intent, coupled with legitimate access to sensitive data, makes these insiders all the more dangerous. The unsettling truth is that just because they’re considered to be “insiders” doesn’t mean they can be trusted. So it’s important to remember that situations and relationships can change over time—and not always for the better.

1IBM Cyber Security Intelligence Index 2016