You have a ‘super malicious insider’

Issue 2 2022 Cyber Security

There’s a super malicious insider who is technically proficient and often acutely aware of an organisation’s technical limitations in proactively detecting insider threats. This is according to Dtex System’s 2022 Insider Risk Report that is based on real investigations and data collected by the Dtex Insider Intelligence and Investigations (i3) team throughout 2021.


John Mc Loughlin.

The super malicious insider is a technically proficient employee who is acutely aware of an organisation’s cybersecurity architecture, solutions and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators.

The report identifies a significant increase in industrial espionage incidents and the rise of the ‘Super Malicious Insider’ persona and provides evidence that the abrupt shift to remote work has directly contributed to an escalation in psychosocial human behaviours that create organisational risk.

These ‘super malicious’ insiders have the technical skills needed to bypass many defences and often the training (usually provided by their employers) to understand how traditional cybersecurity solutions identify threats (i.e. data loss prevention, user activity monitoring, firewalls, virtual private networks and IAM).

One usually thinks of insider threats as disgruntled or unethical users seeking to damage the company financially or reputationally, these are malicious insiders. Their motives can range from personal gain to activism.

A second common insider threat is careless employees taking actions that can put data at risk. This includes sending sensitive information to their private email or cloud storage accounts so they can work remotely or clicking on suspicious links in emails.

Insider risk versus insider threat

A good place to start is to understand the difference between an insider risk and an insider threat. Gartner says not every insider risk becomes an insider threat, however, every insider threat started as an insider risk. In short, anyone who has access to sensitive information is an insider risk. Humans are imperfect and make mistakes. Even the most conscientious worker could accidentally email data to the wrong recipient, misplace their computer or have a company laptop stolen from their car.

Insider risks are also those sending sensitive information to their private email or cloud storage accounts so they can work remotely or those clicking on suspicious links in emails. Risk does not imply malicious intent. That is reserved for insider threats, those employees, vendors or partners who plan and execute actions to steal or release data or sabotage corporate systems.

Insider threats are most often financially motivated and are a mix of those who want to personally profit from the sale of sensitive corporate information and IP on the black market – to take that data with them to their next employer to quickly ‘add value’ – or, in rare cases, those who have been engaged by an external third party that has offered to compensate them financially in exchange for their help exfiltrating data.

In rare cases, insider threats are revenge-motivated because of being passed over for a promotion, not getting the salary increase they believe they deserve, or simply due to personal health issues they blame on their employer or co-workers. In even rarer cases, insider threats can be those individuals who are utilising corporate assets such as PCs and Wi-Fi to engage in criminal behaviours such as black-market ecommerce, human trafficking, or Child Sexual Abuse Material (CSAM) collection and storage.

As discussed in the report, the key to stopping a malicious insider is first to identify those who intentionally seek to cause harm. From understanding the underlying behavioural indicators that increase insider risk (including the differences in the way malicious and non-malicious users search, aggregate, manipulate, and transfer data), it becomes possible to detect and disrupt an insider threat before any irreparable harm is caused.

The full Dtex 2022 Insider Risk Intelligence & Investigations Report is available here (https://www2.dtexsystems.com/2022-insider-risk-report).


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecure surveillance cameras
HiTek Security Distributors News CCTV, Surveillance & Remote Monitoring Cyber Security
Provision-ISR builds customer trust and opens up new opportunities with Check Point Quantum IoT Protect Firmware built into Provision-ISR cameras.

Read more...
The 5 most common security concerns in the Web 3.0 world
Cyber Security
Cisco Talos has done a deep dive to highlight the most common security challenges, driven by cryptocurrency, blockchain technology, decentralised applications and decentralised file storage.

Read more...
The components of and need for cyber resilience
Cyber Security Security Services & Risk Management
Organisations need to implement a comprehensive cyber resilience solution with data protection, backup, disaster recovery and business continuity to protect against ever-more complex and rising cyberthreats.

Read more...
Preventing cyberattacks on critical infrastructure
Industrial (Industry) Cyber Security
Cyberattacks have the potential to disrupt our lives completely, and in instances where critical national infrastructure is attacked, they could disrupt the country’s entire economy, leading to loss of life and livelihoods.

Read more...
Unrecoverable encrypted data
News Cyber Security
Cybersecurity research indicates that 76% of organisations admit to paying ransomware criminals, however, one-third are still unable to recover data.

Read more...
Citrix App Protection helps secure remote workers
Cyber Security IT infrastructure
Many organisations are implementing a zero-trust security model with data protection as a top priority. This is largely due to the increase in remote work and unmanaged personal devices playing a growing role in the enterprise.

Read more...
2022 Cloud Security Report
Cyber Security IT infrastructure
The 2022 Cloud Security Report reveals how security executives and practitioners are using the cloud, how their organisations are responding to security threats in the cloud, and the challenges they are facing.

Read more...
Arcserve launches N Series appliances
IT infrastructure Cyber Security
Arcserve introduces N Series appliances offering enterprise-level integrated data protection, recovery and cybersecurity to allow customers to simplify their IT environments and secure data.

Read more...
Securing business information more important than ever
Cyber Security Products
SMBs need to operate safely within the physical and virtual boundaries created by work-from-home business practices, as well as in-office operations.

Read more...
Storage is essential for a comprehensive cybersecurity strategy
Integrated Solutions Cyber Security
Cyber resilience is the ability of an enterprise to limit the impact of security incidents by deploying and arranging appropriate security tools and processes.

Read more...