Malicious insider risk is an unpleasant but ongoing situation that every business has to deal with daily. Both current and former employees can intentionally damage a company, and just one disgruntled employee can wreak havoc fast However it happens, malicious insider actions are responsible for an estimated 25% of confirmed data breaches. They’re also risks for ransomware deployment, credential compromise and more nightmare scenarios. Exploring the ways that malicious insiders can shed light on why an employee might become a malicious insider.
What Do Malicious Insiders Do To Harm Companies?
There are myriad ways for an employee to do damage. Unhappy former employees can damage their employers when they leave by stealing data or proprietary information. According to a report by Gigamon, 35% of all ransomware attacks were caused by a malicious insider.
Current employees who need money or feel slighted in some way can do nasty things like selling their credentials on the dark web. Malicious actors can also directly unleash a cyberattack by deploying malware themselves.
The Top Malicious Insider Actions
62% – Exfiltrating Data
19% – Privilege Misuse
9.5% – Data Aggregation/Snooping
5.1% – Infrastructure Sabotage
3.8% – Circumvention of IT Controls
0.6% – Account Sharing
Disgruntled Employees More Likely To Steal Data
According to a report by the Palo Alto Networks, 75% of insider threat cases involved a disgruntled former employee who left with company data, destroyed company data, or accessed company networks after their departure. Malicious insider threats like those are especially worrisome as companies get wind of the crime long after it’s committed, which can be detrimental to their future.
Employees are most likely to steal data like intellectual property within 90 days of their resignation, with 70% of insider intellectual property thefts taking place in that window.
Here are two instances of data theft by disgruntled employees:
- In a suit recently filed in the United States District Court of the North District of Georgia, a consultancy company, Young and Associates, claimed that a former employee stole over 30,000 files to get a competing firm off the ground. In a court proceeding, the employee testified to stealing sensitive business information of Young and Associates and uploading it onto the network of his new firm.
- A former employee of a construction company, Williams Company stole several documents from the company, including the company’s bank account statements and tax returns, 401(k) information containing employees’ names, Social Security numbers, birth dates and their compensation. As a construction technology manager of the company, the employee was privy to intimate knowledge surrounding the company’s information technology systems and the protections the company had in place to safeguard its confidential information and trade secrets. He allegedly told the company that he stole the data for unforeseen personal issues.
Offboarding Failure Bumps Up Credential Compromise Risk
Most companies have security policies and security training as part of their onboarding process. But security isn’t just an onboarding concern. It’s a critical step in offboarding to reduce insider risk.
Over 90% of malicious insider incidents are preceded by employee termination or layoff, even if an employee is leaving an organization on good terms. Every former employee who leaves a company yet still holds a set of valid credentials with access permission is a security risk. The higher up the chain that employee is, the larger the risk is that unauthorized access using those credentials could cause major damage fast – 56% of employees use their continued digital access after their departure to harm their former employer.
In a 2021 study, researchers determined that after their employment ended, many former workers still had access to the systems, tools and solutions that they used at their former job including old email accounts (35%), work-related materials on a personal account (35%), social media (31%), software accounts (31%) or shared files or documents (31%).
Many also retained access to things like accounts with a third-party system (29%), another employee’s account (27%), a backend system (25%) and the company’s financial information (14%). Altogether, 83% of former employees surveyed said they continued to access accounts at their previous place of employment even after leaving the company.
It’s Time To Tighten Your Cybersecurity Screws
Building a strong security culture bolstered by a robust security awareness training program is critical for reducing non-malicious and malicious insider threats. Companies that engage in regular security awareness training have 70% fewer security incidents.
Organizations should keep an eye on the dark web since that’s where an employee would go to sell their credentials or stolen data. Bad actors will gladly pay to get a hold of a legitimate network credential that allows them to quickly gain entry into a company’s systems and easily fulfill their nefarious intentions.
Article courtesy Kaseya
