It’s the worst possible insider threat scenario. Two cybersecurity pros used their expertise to identify weaknesses in IT environments and deploy ransomware attacks. They worked directly with the ALPHV/BlackCat ransomware group, taking 80 percent of the ransom. One victim wound up paying $1.2 million in Bitcoin to the conspirators.

It’s a growing trend in Ransomware-as-a-Service operations. Ransomware groups develop and maintain the malicious software and sell it to “affiliates” in a subscription-based model. Although many affiliates lack advanced technical skills, RaaS groups increasingly recruit IT professionals. These insiders provide a faster, cheaper and more reliable way to breach well-defended corporate networks compared to external hacking methods.

Most insider threats aren’t that severe. However, insider threats cost the average organization $19.5 million annually due to downtime, forensic investigations, remediation, legal fees and regulatory costs.

The Rising Cost of Insider Threats

Insider threats are security risks originating from within an organization. Employees, contractors or partners misuse their authorized access, whether maliciously, as a result of social engineering or through negligence.

Malicious insiders intentionally abuse access to commit fraud, sabotage systems, or steal data or intellectual property. According to the Ponemon Institute’s 2026 Cost of Insider Risks Global Report, malicious insiders account for 27 percent of incidents with an average cost of $715,366 per incident.

Compromised insiders or pawns represent 20 percent of incidents. These are employees or contractors who have been tricked, manipulated or socially engineered by external attackers into unknowingly facilitating a security breach. These “outsmarted” insider threats also include credential theft and cost $842,462 per incident on average.

More than half (53 percent) of insider incidents are the result of negligence or human error. Users ignore security policies, use weak passwords, or click on malicious links or attachments. Negligent insiders cost organizations $10.3 million annually.

More than three-quarters of security breaches involve insider threats. Yet many cybersecurity solutions and processes are designed to thwart external threats. Organizations need tools that monitor all user activity and can recognize potential threats that originate from inside the network. That monitoring should cover both successful and unsuccessful access attempts as well as security policy violations.

Tools and Techniques That Reduce the Risk

Insider threats typically have behavioral characteristics, such as logging into a system remotely or at odd hours. Other indicators include accessing or downloading large quantities of data and using or attempting to use USB ports and devices.

Preventing insider threats requires a multi-layered strategy that integrates technical controls, organizational policies and a focus on human behavior. User and entity behavior analytics (UEBA) establishes a baseline of normal activity and flags anomalies.
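A simplified sketch of the baseline-and-flag idea behind UEBA, applied to the indicators listed above (odd-hour logins, large downloads, USB use). This is an added example, not code from Technologent or any UEBA product; the event schema, user names, sample events and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

BASELINE = [  # constructed history: (user, ISO time, action, bytes)
    ("alice", "2026-04-01T09:05", "login", 0),
    ("alice", "2026-04-01T10:30", "download", 40_000_000),
    ("alice", "2026-04-02T08:50", "login", 0),
    ("alice", "2026-04-02T14:10", "download", 55_000_000),
    ("bob",   "2026-04-01T22:00", "login", 0),      # bob works nights
    ("bob",   "2026-04-01T22:40", "usb_mount", 0),  # and routinely uses USB
]
NEW = [  # constructed events to score against the baseline
    ("alice", "2026-04-07T02:30", "login", 0),
    ("alice", "2026-04-07T02:41", "download", 900_000_000),
    ("alice", "2026-04-07T02:55", "usb_mount", 0),
    ("bob",   "2026-04-06T23:10", "login", 0),
    ("bob",   "2026-04-06T23:25", "usb_mount", 0),
]

def build_baseline(events):
    """Per-user profile: login hours seen, download sizes, actions seen."""
    prof = defaultdict(lambda: {"hours": set(), "sizes": [], "actions": set()})
    for user, ts, action, size in events:
        p = prof[user]
        p["actions"].add(action)
        if action == "login":
            p["hours"].add(datetime.fromisoformat(ts).hour)
        elif action == "download":
            p["sizes"].append(size)
    return prof

def flag_anomalies(events, prof, hour_slack=1, sigmas=3.0):
    """Return (user, timestamp, reason) for events that deviate from the profile."""
    alerts = []
    for user, ts, action, size in events:
        p = prof[user]  # unknown users get an empty profile, so they are flagged
        hour = datetime.fromisoformat(ts).hour
        if action == "login" and not any(  # circular distance handles midnight
                min(abs(hour - h), 24 - abs(hour - h)) <= hour_slack for h in p["hours"]):
            alerts.append((user, ts, "login at unusual hour"))
        elif action == "download":
            limit = (mean(p["sizes"]) + sigmas * pstdev(p["sizes"])) if p["sizes"] else 0
            if size > limit:
                alerts.append((user, ts, "download volume above baseline"))
        elif action not in p["actions"]:
            alerts.append((user, ts, f"first-seen action: {action}"))
    return alerts

print(*flag_anomalies(NEW, build_baseline(BASELINE)), sep="\n")
```

The same 23:00 USB activity that is routine for bob is flagged for alice, which is the point of a per-user baseline over a global rule such as "alert on any night-time login."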

Organizations should enforce least privilege access principles. Users should be granted the minimum access level required for their specific job functions. Permissions should be reviewed regularly to prevent “privilege creep.” Multifactor authentication should be required for all sensitive systems and remote access to protect against credential theft. Organizations should also adopt a zero trust architecture that requires continuous verification.

Most importantly, organizations should build an insider threat program that includes stakeholders from HR, legal, IT and security to share insights and identify behavioral red flags early. This team should also evaluate which organizational assets are most vulnerable to internal misuse.

How Technologent Can Help

The cybersecurity experts at Technologent can help organizations implement tools and processes to detect both malicious and negligent insiders. We start by performing a thorough assessment to determine what tools are in place and identify gaps in security controls. In many cases, we can boost security by reconfiguring security tools or turning on features that aren’t being utilized.

Insider threats pose a greater cyber risk than cybercriminal gangs. Like external threats, they follow certain patterns and exhibit behavior that indicates a potential threat. Let Technologent help you implement security controls that protect sensitive information and avoid a costly security breach.

Post by Technologent
May 5, 2026