Dror Liwer is cofounder at Coro. Read the article on Forbes.
Myth: As long as I build strong enough walls around my organization, I’m safe from cyberattacks.
Myth Busted: Focusing exclusively on external threats is like fortifying your front door with steel and forgetting that someone with a house key can simply walk in.
Picture this: You’re the security director for a medieval castle. You’ve invested in a massive moat, reinforced walls and trained guards to patrol the perimeter. Yet one morning, you discover the crown jewels are missing. After a frantic investigation, you discover it wasn’t a master thief who scaled the walls—it was the trusted royal advisor who simply walked out with them in his pocket.
This scenario perfectly captures the insider threat dilemma in cybersecurity.
While external threats capture headlines, insider threats can be equally devastating. According to the 2025 Verizon Data Breach Investigations Report, 18% of security incidents involve internal actors. These aren’t always malicious employees plotting corporate espionage—more often, they’re well-meaning colleagues who made a critical mistake.
Insider threats generally fall into three categories:
1. The Negligent Employee: Bob in accounting who reuses the same password for his corporate account and fantasy football league.
2. The Compromised Employee: Sarah in sales whose credentials were phished after she clicked a convincing but malicious email link.
3. The Malicious Insider: Jessica in sales who, after accepting a job with a competitor, spends her final weeks downloading the entire customer database, complete with contract values and renewal dates, to give her new employer a competitive edge.
In 2022, Block (formerly Square) suffered a data breach when a former employee downloaded reports containing sensitive customer information long after their departure. The incident affected over 8 million users and demonstrated how access management failures can lead to serious security incidents.
Insider threats aren’t just security problems—they’re existential business risks. The 2023 Cost of Insider Threats Global Report by Ponemon Institute put the average cost of insider incidents at a staggering $15.4 million per organization, with the time to contain such threats averaging 85 days.
Insider threats are particularly challenging for the following four reasons:
1. Legitimate Access: Insiders already have authorized access to systems and data.
2. Familiarity With Security Measures: They know your security protocols and potentially how to bypass them.
3. Harder To Detect: Suspicious activity might look like normal work behavior.
4. Trust Advantage: We’re psychologically primed to trust colleagues, making detection more difficult.
So, how do you defend against the threat inside your walls?
• Implement least-privilege access controls—employees should only have access to what they absolutely need.
• Deploy behavior analytics to spot abnormal access patterns.
• Create formal offboarding processes that immediately revoke all access.
• Establish clear security policies and conduct regular training.
• Monitor privileged accounts with extra scrutiny.
• Implement data loss prevention tools to track sensitive information.
• Practice the principle of zero trust—verify, then trust.
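An added example, not part of the original article: a minimal sketch of two of the controls listed above, flagging activity by accounts that are past their HR last working day (an offboarding gap) and daily export volume far above a user's own baseline (simple behavior analytics). The roster, the log format, the account names and the 10x-median threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, datetime
from statistics import median

# Constructed HR roster: account -> last working day (None = still employed).
LAST_DAY = {"bob": None, "sarah": None,
            "jessica": date(2025, 3, 14), "omar": date(2025, 2, 28)}

# Constructed access log: ISO timestamp, account, action, records touched.
LOG = """\
2025-03-03T09:12:00 bob export 40
2025-03-04T10:01:00 bob export 55
2025-03-05T09:40:00 bob export 38
2025-03-03T11:20:00 jessica export 120
2025-03-04T14:05:00 jessica export 95
2025-03-05T16:30:00 jessica export 110
2025-03-12T19:45:00 jessica export 48000
2025-03-10T08:15:00 omar login 0
2025-03-10T08:17:00 omar export 300
"""

def parse(log):
    """Yield (timestamp, user, action, record_count) for each log line."""
    for line in log.splitlines():
        ts, user, action, count = line.split()
        yield datetime.fromisoformat(ts), user, action, int(count)

def find_alerts(log, last_day, factor=10):
    """Return sorted (alert_type, user, day) tuples, one per user and day."""
    daily = defaultdict(lambda: defaultdict(int))  # user -> day -> records exported
    alerts = set()
    for ts, user, action, count in parse(log):
        end = last_day.get(user)
        if end is not None and ts.date() > end:
            # Any activity after the last working day means access was not revoked.
            alerts.add(("post_departure_access", user, ts.date().isoformat()))
        elif action == "export":
            daily[user][ts.date()] += count
    for user, days in daily.items():
        for day, total in days.items():
            # Baseline (an assumption): median of the user's other days in the log.
            others = [v for d, v in days.items() if d != day]
            if others and total > factor * median(others):
                alerts.add(("export_spike", user, day.isoformat()))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_alerts(LOG, LAST_DAY):
        print(*alert)
```
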
The solution isn’t to create a paranoid workplace where colleagues distrust each other. Instead, think of insider threat protection as similar to how you’d handle household security: You trust family members, but you still lock valuable items away, maintain homeowner’s insurance and set ground rules for home security.
The myth that cyberattacks only come from external sources can lead to catastrophic security blind spots. While strengthening your perimeter is important, understanding and mitigating insider risks is equally critical.
Remember: Sometimes, the most significant threats aren’t trying to break down your door—they’re already inside, sipping coffee at the desk next to yours.