You have a ‘super malicious insider’

Issue 2 2022 Cyber Security

There’s a super malicious insider who is technically proficient and often acutely aware of an organisation’s technical limitations in proactively detecting insider threats. This is according to Dtex System’s 2022 Insider Risk Report that is based on real investigations and data collected by the Dtex Insider Intelligence and Investigations (i3) team throughout 2021.


John Mc Loughlin.

The super malicious insider is a technically proficient employee who is acutely aware of an organisation’s cybersecurity architecture, solutions and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators.

The report identifies a significant increase in industrial espionage incidents and the rise of the ‘Super Malicious Insider’ persona and provides evidence that the abrupt shift to remote work has directly contributed to an escalation in psychosocial human behaviours that create organisational risk.

These ‘super malicious’ insiders have the technical skills needed to bypass many defences and often the training (usually provided by their employers) to understand how traditional cybersecurity solutions identify threats (i.e. data loss prevention, user activity monitoring, firewalls, virtual private networks and IAM).

One usually thinks of insider threats as disgruntled or unethical users seeking to damage the company financially or reputationally, these are malicious insiders. Their motives can range from personal gain to activism.

A second common insider threat is careless employees taking actions that can put data at risk. This includes sending sensitive information to their private email or cloud storage accounts so they can work remotely or clicking on suspicious links in emails.

Insider risk versus insider threat

A good place to start is to understand the difference between an insider risk and an insider threat. Gartner says not every insider risk becomes an insider threat, however, every insider threat started as an insider risk. In short, anyone who has access to sensitive information is an insider risk. Humans are imperfect and make mistakes. Even the most conscientious worker could accidentally email data to the wrong recipient, misplace their computer or have a company laptop stolen from their car.

Insider risks are also those sending sensitive information to their private email or cloud storage accounts so they can work remotely or those clicking on suspicious links in emails. Risk does not imply malicious intent. That is reserved for insider threats, those employees, vendors or partners who plan and execute actions to steal or release data or sabotage corporate systems.

Insider threats are most often financially motivated and are a mix of those who want to personally profit from the sale of sensitive corporate information and IP on the black market – to take that data with them to their next employer to quickly ‘add value’ – or, in rare cases, those who have been engaged by an external third party that has offered to compensate them financially in exchange for their help exfiltrating data.

In rare cases, insider threats are revenge-motivated because of being passed over for a promotion, not getting the salary increase they believe they deserve, or simply due to personal health issues they blame on their employer or co-workers. In even rarer cases, insider threats can be those individuals who are utilising corporate assets such as PCs and Wi-Fi to engage in criminal behaviours such as black-market ecommerce, human trafficking, or Child Sexual Abuse Material (CSAM) collection and storage.

As discussed in the report, the key to stopping a malicious insider is first to identify those who intentionally seek to cause harm. From understanding the underlying behavioural indicators that increase insider risk (including the differences in the way malicious and non-malicious users search, aggregate, manipulate, and transfer data), it becomes possible to detect and disrupt an insider threat before any irreparable harm is caused.

The full Dtex 2022 Insider Risk Intelligence & Investigations Report is available here (https://www2.dtexsystems.com/2022-insider-risk-report).




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Prevention-first approach to cybersecurity
News Cyber Security
Check Point CEO, Gil Shwed, highlights the increasing importance of artificial intelligence in defending evolving networks and protecting against cyber threats at annual CPX 360 customer and partner event.

Read more...
How much protection does cyber insurance really give businesses?
Cyber Security Security Services & Risk Management
If organisations don’t meet even the minimum requirements of security and data protection, insurance will do them little good. Instead, it needs to be just one part of the digital resiliency toolbox.

Read more...
Introducing adaptive active adversary
Cyber Security Products
New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and improved frontline defences against advanced cyberthreats and streamline endpoint security management.

Read more...
Eleven steps to an effective ransomware response checklist
Editor's Choice Cyber Security
Anyone is a viable target for ransomware attacks and should have a plan in place to deal with a worst-case scenario. Fortinet offers this ransomware attack response checklist to effectively deal with an active ransomware attack.

Read more...
Blurring the lines between data management and cybersecurity
Cyber Security IT infrastructure
In the past, data management and cybersecurity would fall under separate domains, but with more organisations making the shift to the cloud, data management and data protection have merged, essentially blurring the lines between the two.

Read more...
Recession? Do not skimp on cybersecurity
Cyber Security Security Services & Risk Management
While economists are studying their crystal balls, businesses have to prepare for the worst, and preparing for a recession means cutting costs and refocusing resources; however, they must ensure they do not end up creating an enormous risk.

Read more...
Organisations are increasing modern data protection for cloud workloads
Cyber Security
The Veeam Cloud Protection Trends Report for 2023 identifies what is driving IT leaders to change strategies, roles and methods related to both production and protection of cloud-hosted workloads.

Read more...
Cybersecurity in Africa: The challenges and solutions
Training & Education Cyber Security
Africa faces a significant challenge when it comes to the availability and distribution of cybersecurity talent and secure IT infrastructures. Facing this challenge will require supporting and nurturing the next generation of security graduates and professionals.

Read more...
Zero Trust to dominate 2023
Cyber Security Access Control & Identity Management
Traditional ways of safeguarding data are no longer sufficient in 2023. Zero Trust has emerged as a more proactive way for businesses to keep their systems, data, and networks protected against compromise.

Read more...
Cybersecurity in 2023
Technews Publishing Gallagher Cyber Security
What is on the cybersecurity menu in 2023? Hi-Tech Security Solutions offers two views from industry players on the risk environment and what to look out for in the cyber world in the coming year.

Read more...