Super-malicious insider presents a very real risk

Issue 1 2023 Information Security

John Mc Loughlin.

Companies have become increasingly aware of the risk malicious insiders pose and with a potential economic downturn that will drive significant layoffs, it has never been more important for business leaders to understand the impact malicious insiders can have on a company’s security posture.

Employees that leave the company, voluntarily or not, present a real and ongoing risk for companies in today’s hybrid world. Often the individuals planning to leave a company are not pleased with their existing work environment and disgruntled employees usually carry a chip on their shoulder due to the company's inability to alleviate any of their concerns.

These feelings escalate even more when it comes to unexpected layoffs and can be a powerful driver of insider threats, leading to the exfiltration of sensitive information.

The continued rise of the super-malicious insider presents a very real and scary risk for businesses in 2023. Because these individuals’ technical proficiency and acute awareness of the company's existing cybersecurity architecture, solutions and processes that surpass the capabilities of your average malicious insider, they are better able to evade detection.

Here are some of the scariest real-world examples of the super malicious threats the DTEX team has uncovered.

Ghost employee accounts: An individual maintained access to corporate systems and data after leaving their company by proactively creating another account prior to leaving. The individual suspected that the business would keep a closer eye on the activity of employees leaving the business for suspicious data loss or risky behaviours. This persistent access was used to steal customer data and sabotage the company’s operational pipeline by modifying purchase orders months after the individual was let go.

The disgruntled employee: As a result of perceived unfair treatment, an employee decided to steal their supervisor’s personal details (email, phone number, etc.) and leveraged the information to sign into various spam sites. This resulted in the employer and their loved ones experiencing ongoing harassment, significantly disrupting their day-to-day lives. Ultimately, the incident forced the family to change all of their personal information.

The social engineering scare: Another incident identified by the DTEX team involved a disgruntled employee who socially engineered another employee to steal hundreds of thousands of customer records. In this example, the existing Identity and Access Management security solution had been correctly configured to allow only authenticated access, but an authorised download followed by a shared link using a company-approved file-sharing utility was all that was needed to gain unauthorised access.

Once the malicious employee gained access to the records, they archived the information and saved it to the draft’s folder of a personal webmail account for easy access and exfiltration. After the malicious insider secured a position at a new company, they sold the information on the dark web.

Super-malicious insider threats can be detrimental to enterprises as these incidents can directly affect employees’ livelihoods by diminishing the company's brand and/or causing irreparable damage to an individual’s reputation. These examples should serve as a wake-up call to security leaders that traditional DLP, UBA, and UAM tools are not sufficiently mitigating malicious insider threats.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Veeam and Sophos in strategic partnership
Information Security
Veeam and Sophos unite with a strategic partnership to advance the security of business-critical backups with managed detection and response for cyber resiliency, and to quickly recover impacted data by exchanging critical information.