Super-malicious insider presents a very real risk

Issue 1 2023 Cyber Security

John Mc Loughlin.

Companies have become increasingly aware of the risk malicious insiders pose and with a potential economic downturn that will drive significant layoffs, it has never been more important for business leaders to understand the impact malicious insiders can have on a company’s security posture.

Employees that leave the company, voluntarily or not, present a real and ongoing risk for companies in today’s hybrid world. Often the individuals planning to leave a company are not pleased with their existing work environment and disgruntled employees usually carry a chip on their shoulder due to the company's inability to alleviate any of their concerns.

These feelings escalate even more when it comes to unexpected layoffs and can be a powerful driver of insider threats, leading to the exfiltration of sensitive information.

The continued rise of the super-malicious insider presents a very real and scary risk for businesses in 2023. Because these individuals’ technical proficiency and acute awareness of the company's existing cybersecurity architecture, solutions and processes that surpass the capabilities of your average malicious insider, they are better able to evade detection.

Here are some of the scariest real-world examples of the super malicious threats the DTEX team has uncovered.

Ghost employee accounts: An individual maintained access to corporate systems and data after leaving their company by proactively creating another account prior to leaving. The individual suspected that the business would keep a closer eye on the activity of employees leaving the business for suspicious data loss or risky behaviours. This persistent access was used to steal customer data and sabotage the company’s operational pipeline by modifying purchase orders months after the individual was let go.

The disgruntled employee: As a result of perceived unfair treatment, an employee decided to steal their supervisor’s personal details (email, phone number, etc.) and leveraged the information to sign into various spam sites. This resulted in the employer and their loved ones experiencing ongoing harassment, significantly disrupting their day-to-day lives. Ultimately, the incident forced the family to change all of their personal information.

The social engineering scare: Another incident identified by the DTEX team involved a disgruntled employee who socially engineered another employee to steal hundreds of thousands of customer records. In this example, the existing Identity and Access Management security solution had been correctly configured to allow only authenticated access, but an authorised download followed by a shared link using a company-approved file-sharing utility was all that was needed to gain unauthorised access.

Once the malicious employee gained access to the records, they archived the information and saved it to the draft’s folder of a personal webmail account for easy access and exfiltration. After the malicious insider secured a position at a new company, they sold the information on the dark web.

Super-malicious insider threats can be detrimental to enterprises as these incidents can directly affect employees’ livelihoods by diminishing the company's brand and/or causing irreparable damage to an individual’s reputation. These examples should serve as a wake-up call to security leaders that traditional DLP, UBA, and UAM tools are not sufficiently mitigating malicious insider threats.

For more information contact J2 Software, +27 11 794 1096,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Insights from the 2023 Cloud Security Report
News Cyber Security
Increased costs, compliance requirements, hybrid and multi-cloud complexities, reduced visibility, and a lack of skilled practitioners cause organisations to slow or adjust their cloud adoption strategies.

New algorithm for OT cybersecurity risk management
Industrial (Industry) Cyber Security News Commercial (Industry)
OTORIO’s new risk management model and attack graph analysis algorithm technology, calculates OT cybersecurity threats and provides risk mitigation actions, prioritised according to actual exposure and potential impact on operations.

Veeam finds 93% of cyberattacks target backup storage
Cyber Security
Veeam unveils the results of its 2023 Ransomware Trends Report, showing cyber insurance is becoming too expensive and 21% of organisations are unable to recover their data after paying the ransom.

Cybersecurity providers must first protect themselves
Cyber Security
In a joint advisory released by cybersecurity agencies across the United States, UK, Australia, Canada and New Zealand, managed security service providers (MSSPs) have been warned of a sharp increase in cyberattacks targeting their systems.

Cyber attackers used over 500 tools and tactics in 2022
Cyber Security News
The most common root causes of attacks were unpatched vulnerabilities and compromised credentials, while ransomware continues to be the most common ‘end game’ and attacker dwell time is shrinking – for better or worse.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Recession or stress?
Cyber Security News
The economic landscape has seen many technology companies lay off vast numbers of employees, but for cybersecurity, the picture looks very different – a dynamic mixture of excitement, challenges and toxicity.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

NEC XON appoints Armand Kruger as Head of Cybersecurity
News Cyber Security
NEC XON has announced the appointment of Armand Kruger as the Head of Cybersecurity. Kruger will oversee all cybersecurity offerings including cybersecurity strategy, programmes, and executive advisory.

Caesar Tonkin new head of cybersecurity business, Armata
News Cyber Security
Vivica Holdings has announced the appointment of cybersecurity expert Caesar Tonkin to head up its cybersecurity business Armata, which provides technology solutions and niche expertise needed to help businesses better protect themselves.