Malicious insiders: How to protect your business

Just as store employees can steal far more than shoplifters, malicious insiders can often wreak more havoc than cybercriminals.

By Nigel Bowen

Nowadays, most people are aware of the threat posed to businesses by tech-savvy lawbreakers operating from far-flung corners of the world, such as Russia and Nigeria.

Much less attention is being paid to the vast potential damage that can be caused by aggrieved or self-interested employees from only a few feet away.

While you may not have come across the term “malicious insider” before, it is possible that you know of – or maybe even know – one of them.

Malicious insiders, or “turncloaks”, use their legitimate access to a company’s files and security systems for personal or financial gain, or to harm their employer because they feel aggrieved at the way they have been treated.

While there are plenty of anecdotal accounts of small and large businesses falling victim to malicious insider attacks, there is not much solid data available on the scope of the problem.

Nonetheless, most cybersecurity experts argue that business owners and senior managers should be at least as worried about malicious insiders as they are about external malicious threats.

These experts also warn that “inside job” attacks are likely to have increased with the advent of widespread remote working.

“Even before the pandemic, there were reports indicating about a third of all data breaches were the work of insiders,” says Daniel Weis, senior cybersecurity specialist and lead penetration tester at IT services company Nexon.

“Given most organisations have now embraced the cloud and are allowing some or all of their workforce to work from anywhere, at any time and access lots of sensitive data, it would be strange if malicious insider activity hadn’t grown since early 2020.”

When people’s circumstances change, their behaviours often change, too, agrees Charles White, chief technology officer with cybersecurity company Fornetix, who worked for US Army intelligence before going into the private sector. “It’s a lot more tempting to, say, go to a website you shouldn’t when you’re using a laptop in your living room, rather than using a desktop computer in an office,” he says.

“And, if you manage to visit inappropriate websites without suffering any adverse consequences, you may decide to start testing other boundaries.”

The perils of playing detective

As anyone who has employed or managed staff knows, discerning the current mindset and likely future actions of a worker is no simple task. By definition, malicious insiders want to damage or rip off their employers.

However, that does not narrow things down much, given that many employees, at least on their worst days, feel justified in questioning the integrity of their employer.

Academic research suggests that, while any employee has the potential to engage in IT sabotage, it is the underperformers and overperformers who should be watched most closely. That’s because the large majority of malicious insiders appear to be motivated by the prospect of financial gain.

Mediocre performers who are denied pay raises and promotions can easily morph into disgruntled employees. Overachievers may feel undercompensated for their efforts, or harbour ambitions to go out on their own, taking customer data with them.

According to the Australian Cyber Security Centre, “happy, valued and challenged staff members are less likely to act to harm your organisation”. Even so, experts argue that every employee should be seen as a potential malicious insider, and that all businesses should arrange their cybersecurity defences accordingly.

To read more of this article, see it at INTHEBLACK