Super-malicious insider presents a very real risk

Issue 1 2023 Cyber Security

John Mc Loughlin.

Companies have become increasingly aware of the risk malicious insiders pose and with a potential economic downturn that will drive significant layoffs, it has never been more important for business leaders to understand the impact malicious insiders can have on a company’s security posture.

Employees that leave the company, voluntarily or not, present a real and ongoing risk for companies in today’s hybrid world. Often the individuals planning to leave a company are not pleased with their existing work environment and disgruntled employees usually carry a chip on their shoulder due to the company's inability to alleviate any of their concerns.

These feelings escalate even more when it comes to unexpected layoffs and can be a powerful driver of insider threats, leading to the exfiltration of sensitive information.

The continued rise of the super-malicious insider presents a very real and scary risk for businesses in 2023. Because these individuals’ technical proficiency and acute awareness of the company's existing cybersecurity architecture, solutions and processes that surpass the capabilities of your average malicious insider, they are better able to evade detection.

Here are some of the scariest real-world examples of the super malicious threats the DTEX team has uncovered.

Ghost employee accounts: An individual maintained access to corporate systems and data after leaving their company by proactively creating another account prior to leaving. The individual suspected that the business would keep a closer eye on the activity of employees leaving the business for suspicious data loss or risky behaviours. This persistent access was used to steal customer data and sabotage the company’s operational pipeline by modifying purchase orders months after the individual was let go.

The disgruntled employee: As a result of perceived unfair treatment, an employee decided to steal their supervisor’s personal details (email, phone number, etc.) and leveraged the information to sign into various spam sites. This resulted in the employer and their loved ones experiencing ongoing harassment, significantly disrupting their day-to-day lives. Ultimately, the incident forced the family to change all of their personal information.

The social engineering scare: Another incident identified by the DTEX team involved a disgruntled employee who socially engineered another employee to steal hundreds of thousands of customer records. In this example, the existing Identity and Access Management security solution had been correctly configured to allow only authenticated access, but an authorised download followed by a shared link using a company-approved file-sharing utility was all that was needed to gain unauthorised access.

Once the malicious employee gained access to the records, they archived the information and saved it to the draft’s folder of a personal webmail account for easy access and exfiltration. After the malicious insider secured a position at a new company, they sold the information on the dark web.

Super-malicious insider threats can be detrimental to enterprises as these incidents can directly affect employees’ livelihoods by diminishing the company's brand and/or causing irreparable damage to an individual’s reputation. These examples should serve as a wake-up call to security leaders that traditional DLP, UBA, and UAM tools are not sufficiently mitigating malicious insider threats.

For more information contact J2 Software, +27 11 794 1096,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Prevention-first approach to cybersecurity
News Cyber Security
Check Point CEO, Gil Shwed, highlights the increasing importance of artificial intelligence in defending evolving networks and protecting against cyber threats at annual CPX 360 customer and partner event.

How much protection does cyber insurance really give businesses?
Cyber Security Security Services & Risk Management
If organisations don’t meet even the minimum requirements of security and data protection, insurance will do them little good. Instead, it needs to be just one part of the digital resiliency toolbox.

Introducing adaptive active adversary
Cyber Security Products
New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and improved frontline defences against advanced cyberthreats and streamline endpoint security management.

Eleven steps to an effective ransomware response checklist
Editor's Choice Cyber Security
Anyone is a viable target for ransomware attacks and should have a plan in place to deal with a worst-case scenario. Fortinet offers this ransomware attack response checklist to effectively deal with an active ransomware attack.

Blurring the lines between data management and cybersecurity
Cyber Security IT infrastructure
In the past, data management and cybersecurity would fall under separate domains, but with more organisations making the shift to the cloud, data management and data protection have merged, essentially blurring the lines between the two.

Recession? Do not skimp on cybersecurity
Cyber Security Security Services & Risk Management
While economists are studying their crystal balls, businesses have to prepare for the worst, and preparing for a recession means cutting costs and refocusing resources; however, they must ensure they do not end up creating an enormous risk.

Organisations are increasing modern data protection for cloud workloads
Cyber Security
The Veeam Cloud Protection Trends Report for 2023 identifies what is driving IT leaders to change strategies, roles and methods related to both production and protection of cloud-hosted workloads.

Cybersecurity in Africa: The challenges and solutions
Training & Education Cyber Security
Africa faces a significant challenge when it comes to the availability and distribution of cybersecurity talent and secure IT infrastructures. Facing this challenge will require supporting and nurturing the next generation of security graduates and professionals.

Zero Trust to dominate 2023
Cyber Security Access Control & Identity Management
Traditional ways of safeguarding data are no longer sufficient in 2023. Zero Trust has emerged as a more proactive way for businesses to keep their systems, data, and networks protected against compromise.

Cybersecurity in 2023
Technews Publishing Gallagher Cyber Security
What is on the cybersecurity menu in 2023? Hi-Tech Security Solutions offers two views from industry players on the risk environment and what to look out for in the cyber world in the coming year.