You have a ‘super malicious insider’

Issue 2 2022 Information Security

There’s a super malicious insider who is technically proficient and often acutely aware of an organisation’s technical limitations in proactively detecting insider threats. This is according to Dtex System’s 2022 Insider Risk Report that is based on real investigations and data collected by the Dtex Insider Intelligence and Investigations (i3) team throughout 2021.


John Mc Loughlin.

The super malicious insider is a technically proficient employee who is acutely aware of an organisation’s cybersecurity architecture, solutions and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators.

The report identifies a significant increase in industrial espionage incidents and the rise of the ‘Super Malicious Insider’ persona and provides evidence that the abrupt shift to remote work has directly contributed to an escalation in psychosocial human behaviours that create organisational risk.

These ‘super malicious’ insiders have the technical skills needed to bypass many defences and often the training (usually provided by their employers) to understand how traditional cybersecurity solutions identify threats (i.e. data loss prevention, user activity monitoring, firewalls, virtual private networks and IAM).

One usually thinks of insider threats as disgruntled or unethical users seeking to damage the company financially or reputationally, these are malicious insiders. Their motives can range from personal gain to activism.

A second common insider threat is careless employees taking actions that can put data at risk. This includes sending sensitive information to their private email or cloud storage accounts so they can work remotely or clicking on suspicious links in emails.

Insider risk versus insider threat

A good place to start is to understand the difference between an insider risk and an insider threat. Gartner says not every insider risk becomes an insider threat, however, every insider threat started as an insider risk. In short, anyone who has access to sensitive information is an insider risk. Humans are imperfect and make mistakes. Even the most conscientious worker could accidentally email data to the wrong recipient, misplace their computer or have a company laptop stolen from their car.

Insider risks are also those sending sensitive information to their private email or cloud storage accounts so they can work remotely or those clicking on suspicious links in emails. Risk does not imply malicious intent. That is reserved for insider threats, those employees, vendors or partners who plan and execute actions to steal or release data or sabotage corporate systems.

Insider threats are most often financially motivated and are a mix of those who want to personally profit from the sale of sensitive corporate information and IP on the black market – to take that data with them to their next employer to quickly ‘add value’ – or, in rare cases, those who have been engaged by an external third party that has offered to compensate them financially in exchange for their help exfiltrating data.

In rare cases, insider threats are revenge-motivated because of being passed over for a promotion, not getting the salary increase they believe they deserve, or simply due to personal health issues they blame on their employer or co-workers. In even rarer cases, insider threats can be those individuals who are utilising corporate assets such as PCs and Wi-Fi to engage in criminal behaviours such as black-market ecommerce, human trafficking, or Child Sexual Abuse Material (CSAM) collection and storage.

As discussed in the report, the key to stopping a malicious insider is first to identify those who intentionally seek to cause harm. From understanding the underlying behavioural indicators that increase insider risk (including the differences in the way malicious and non-malicious users search, aggregate, manipulate, and transfer data), it becomes possible to detect and disrupt an insider threat before any irreparable harm is caused.

The full Dtex 2022 Insider Risk Intelligence & Investigations Report is available here (https://www2.dtexsystems.com/2022-insider-risk-report).




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Read more...
Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Read more...
Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Read more...
Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Read more...
Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

Read more...
All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Read more...
The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

Read more...
How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Read more...
Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Read more...
Veeam and Sophos in strategic partnership
Information Security
Veeam and Sophos unite with a strategic partnership to advance the security of business-critical backups with managed detection and response for cyber resiliency, and to quickly recover impacted data by exchanging critical information.

Read more...