When the Call is Coming From Inside the House

Whether careless or malicious, insiders can cause all manner of nightmares

  • Insider threats are haunting organizations: 83% reported insider attacks last year, and the share suffering more than 10 grew 5X.
  • Complex, shadowy IT environments, lax policies, and increasingly convincing AI-driven phishing turn well-meaning employees into unwitting monsters.
  • Arm your defenders with Defense in Depth: strong email security, Zero Trust, SSE/web gateway, EDR, and DLP to stop insider tricks at the door.

Halloween tends to summon all kinds of frights. But for security professionals, the haunting thought of threat actors lurking in their environment is year-round. On top of those lingering fears comes the real jump scare: the instant you realize an attack is underway—or worse, that a breach has already happened.

Scary stuff, I know. And scarier still when you discover the malevolence was actually invited in, or worse, that one of your own is the very threat you’ve been fighting all along. Too often, the call is coming from inside the house.

We’ve traced the call

More than four in five (83%) organizations reported suffering an insider attack last year. And like a horror movie presence that refuses to scram no matter how many cleansings you attempt, the percentage of organizations suffering more than 10 insider attacks in 2024 saw a 5X increase over 2023. 

You won’t need a clairvoyant to find the source of this trouble. Insider threats rise up from a number of conditions, including:

  • Black hole IT infrastructure. As organizations grow and hybrid working models proliferate, IT environments become an ever more intricate web of tools and interactions, leading to security gaps only a monster could love.
  • Doomed security measures. Losing sight of current best practices can put you very much in the dark. Failing to enforce data use policies, for instance, can turn best intentions into impending doom. Consider this: 30% of stolen credential attacks occur on enterprise-licensed devices, and nearly half of those involve employees mixing work and personal logins. When policies go unenforced, even trusted users can become the weakest link.
  • Ghastly employee training. Most insiders aren’t demonic forces bent on ruining you. Like the character you scream at to not go into the basement, employees don’t always realize they’re doing something they shouldn’t.
  • The ghost in the machine. Verizon’s 2025 Data Breach Investigations Report notes that synthetically generated text in malicious emails has doubled over the past two years, which makes phishing and spear phishing even easier for threat actors looking to digitally go all Michael Myers on unsuspecting employees or partners.
  • A skeletal security stack. Too many organizations hope “good enough” security is really good enough. It isn’t. Just as a ring of salt likely isn’t enough to fend off a crypt full of vampires at feeding time, inadequate security protections will leave you vulnerable to losing the lifeblood of your business: your data. 

Fight the evil the right way

Insider threats are serious enough for SecOps managers to suit up and face the dark forces targeting their systems and data. Though just a quarter of insider attacks are intentional (89% financially motivated and 16% for espionage), the right protections arm you against both the legions of evil (intentional acts) and the forces of carelessness (everybody else). 

Here are some cybersecurity amulets that help keep the darkness at bay.

  • Email security. Email is a primary vector for targeting unsuspecting employees with deviously crafted phishing and spear phishing emails. Strong, resilient email security is essential, with behavioral analytics and AI increasingly needed to tell the trustworthy from the sulfurous. Identity and Access Management (IAM) systems help ensure users don’t stray into dangerous areas.
  • Endpoint protections, detection, and response. Some threats are insidious enough to sidestep frontline protections. When that happens, you need to summon the forces of good, including endpoint protections that find and stop threats before they wreak unholy havoc on your environment. Endpoint security monitors and shields your endpoints, while Endpoint Detection and Response (EDR) helps find and stop threats as they’re taking place. (Some endpoint protections can even predict the next moves of your tormentor—something every character in every scary movie desperately needs.)
  • Zero Trust defenses. Like vampires, users and software shouldn’t enter uninvited. Zero Trust Network Access (ZTNA) solutions offer essential protections for complex environments, but don’t stop there. Application control stops apps and files from running until you can determine they don’t pose a threat (because some monsters look just like the rest of us).
  • Network and web security. People go places they shouldn’t; it’s just human nature. When they do, it’s up to you to keep a bad click from changing before your eyes into a full-fanged threat. That’s where network security solutions like Security Service Edge (SSE) and web gateways prevent all that careless clicking from causing absolute chaos.
  • Data security. Despite all your training and good advice, some employees will forget the rules or simply ignore them. Enter DLP, which protects sensitive data from going where it shouldn’t, no matter if it’s in use, in transit or at (eternal) rest. The right DLP solution can even prevent generative AI platforms from sending your data into the deep, dark night.
  • Defense-in-Depth. When it comes to burying bad juju, it helps to dig deep. A Defense-in-Depth strategy combines the above protections and more into a multi-layered environment designed to detect and stop the baddies (internal or otherwise). It’s smart to batten down the hatches, but keep that crossbow at the ready too.

Don’t let insider threats spoil your Halloween fun (or your business). Get the right policies and protections in place, and turn cyber tricks into security treats for your entire organization.

For more insight into how to protect your environment from all kinds of threats—insider, outsider, and beyond—explore this SANS webinar that outlines a Defense-in-Depth strategy that’s anything but evil.

 
