SmarterMSP.com recently covered the topic of insider threats, but many experts continue to point to these types of threats as one of the biggest cybersecurity challenges impacting organizations in 2025.
The Hacker News, for instance, says:
Insider threats are expected to intensify in 2025 due to the continued rise of remote work, AI-powered social engineering, and evolving data privacy concerns. Remote work environments expand the attack surface, making it easier for malicious insiders or negligent employees to expose sensitive data or create access points for external attackers.
Carelessness is often the main culprit
It is always worth noting when discussing insider threats that while the term conjures up images of a malicious mole in a company cubicle, insider threat damage is often the result of carelessness rather than some Hollywood-script-style hijinks.
“When it comes to managed service providers (MSPs) mitigating insider threats, the challenge lies not only in monitoring external risks but also in addressing potential vulnerabilities that come from within their teams or clients’ employees,” says Raul Morales, security architect at IBM.
Morales advises that the first thing that MSPs can do to combat threats from the inside is to cultivate a culture of security awareness. “One of the most effective ways to reduce insider threats is through continuous security education,” Morales says, adding, “MSPs should actively promote awareness programs that inform both their staff and clients about the risks of insider threats. Employees need to understand how their actions, whether intentional or accidental, could jeopardize sensitive data.”
Another area he believes that MSPs need to focus on is role-based access controls (RBAC). “Limiting access to systems based on job function is crucial,” Morales notes. “This reduces the risk of data exposure or sabotage from insiders.” He also shares that MSPs should ensure that employees and clients only have the minimum access required for their roles.
Beware of trusted users
Another focus for MSPs regarding insider threat mitigation is monitoring and anomaly detection. Morales explains that insider threats often go unnoticed because the activity appears to come from trusted users. “MSPs need to implement monitoring systems that detect unusual behavior, such as accessing sensitive data during non-work hours or downloading large amounts of information,” he says, adding that “behavioral analytics can flag suspicious activities that may otherwise be overlooked.”
Morales also advises that MSPs should adopt the principle of least privilege. “This can ensure that no employee or client has more access than they need,” says Morales. He emphasizes that “regular audits of user privileges can help in spotting discrepancies or outdated permissions.”
“MSPs can also mitigate insider threats by using and implementing data loss prevention (DLP) tools,” Morales explains, adding that “Using DLP technologies allows MSPs to monitor the flow of sensitive information and block unauthorized data transfers. This is essential for preventing insiders from exfiltrating data, whether maliciously or accidentally.”
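The two signals named above (sensitive data accessed outside work hours, and unusually large downloads) can be expressed as a small rule-based check over access logs. This is an added example, not from the original article or any monitoring product; the event format, the business hours, the 10x volume threshold, and every log entry are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events: (timestamp, user, resource, is_sensitive, bytes_out)
EVENTS = [
    ("2025-03-03T10:15:00", "alice", "finance/ledger", True, 4_000_000),
    ("2025-03-04T14:40:00", "alice", "finance/ledger", True, 3_000_000),
    ("2025-03-05T09:05:00", "alice", "finance/ledger", True, 5_000_000),
    ("2025-03-06T16:20:00", "alice", "finance/ledger", True, 900_000_000),
    ("2025-03-03T11:00:00", "bob", "hr/records", True, 2_000_000),
    ("2025-03-04T11:30:00", "bob", "hr/records", True, 2_500_000),
    ("2025-03-06T02:30:00", "bob", "hr/records", True, 1_000_000),
    ("2025-03-08T13:00:00", "carol", "wiki/howto", False, 500_000),
]

WORK_START, WORK_END = 8, 18  # assumed business hours (local time, Mon-Fri)
VOLUME_FACTOR = 10            # assumed: flag transfers above 10x the user's median


def detect(events):
    """Return (user, timestamp, reason) findings for the two behaviours."""
    # Per-user baseline: the median transfer size resists a single huge outlier.
    history = defaultdict(list)
    for _ts, user, _res, _sensitive, size in events:
        history[user].append(size)
    baseline = {user: median(sizes) for user, sizes in history.items()}

    findings = []
    for ts, user, res, sensitive, size in events:
        when = datetime.fromisoformat(ts)
        off_hours = when.weekday() >= 5 or not (WORK_START <= when.hour < WORK_END)
        # A trusted account touching sensitive data outside working hours.
        if sensitive and off_hours:
            findings.append((user, ts, "off-hours access to " + res))
        # A transfer far larger than this user's own normal volume.
        if size > VOLUME_FACTOR * baseline[user]:
            findings.append((user, ts, "large transfer from " + res))
    return findings


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Comparing each user against their own history is what lets a rule like this catch activity from accounts that are otherwise trusted; fixed global thresholds tend to miss it or drown analysts in noise.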
Focus on incident response and planning
Morales advises MSPs to foster robust incident response planning and simulation as part of their regular service package to protect against insider threats.
“MSPs should have strong incident response plans that include protocols for addressing insider threats,” he says, adding that “regular simulation exercises can help employees understand their role in identifying and responding to suspicious activities.”
Lastly, the growing use of zero trust applies to the insider threat. “A zero trust approach assumes that any user, internal or external, could potentially be a threat,” explains Morales. “MSPs can mitigate insider risks by verifying all access requests, continuously monitoring users, and requiring multiple forms of authentication for sensitive actions.”
Joe Warnimont, security and technical expert, adds that in addition to all the insights Morales provided, there needs to be a reporting system in place for employees. “One tried and true method is to offer employees a way to report suspicious activity — without linking those reports back to the original whistleblower,” says Warnimont, adding that anonymity is key.
“Unfortunately, many people still don’t trust tip lines, so it’s your job to demonstrate its true anonymity,” Warnimont points out. “Providing informational sessions that display how the unanimous reporting system works. Show how the tips appear to the person reading them. Employees want to help protect the businesses they work for, but not if it’s at the potential expense of their own employment.”
Addressing insider threats requires a multi-faceted approach, from cultivating a culture of security awareness to implementing role-based access controls, anomaly detection, and robust incident response plans. MSPs can also benefit from adopting a zero-trust model and ensuring employees have a secure and anonymous way to report suspicious activity. Proactively educating teams, limiting access, and using the right technologies can significantly reduce the risk of insider threats.
This post originally appeared on Smarter MSP.