Eleven percent of companies in SA suffered malicious actions by staff

January 2024 Information Security, News & Events

Cyber incidents caused by the human factor are usually attributed to occasional employee errors, but a more important element often overlooked is deliberate malicious behaviour by staff. A new Kaspersky study found that in the past two years, 82% of companies surveyed in South Africa have faced cyber incidents in different forms, 11% of which were caused by deliberate malicious behaviour by employees.

There are two main types of insider threats: unintentional and intentional. Unintentional or accidental threats are employee mistakes such as falling for phishing and other social engineering methods, or sending sensitive and confidential information to the wrong person, etc.

In contrast, intentional threats are perpetrated by malicious insiders who deliberately hack into their employer’s systems. They usually do so for financial gain from the sale of sensitive data or as an act of revenge. Malicious insiders aim to disrupt or stop an organisation's regular business operations, expose IT weaknesses and obtain confidential information.

Insiders with malicious intentions are the most dangerous employees who can provoke cyber incidents. Several factors complicate threats posed by their actions:

• Insiders have specific knowledge of an organisation’s infrastructure and processes, including understanding the information security tools used.

• They are already inside the company's network and do not need to penetrate the perimeter from outside via phishing, firewall attacks, etc.

• They have colleagues and friends within the organisation, so it is much easier for them to use social engineering.

• Insiders with malicious intentions are highly motivated to harm their organisation.

Financial gain is one of the main reasons employees commit malicious actions against an employer. Often, it means stealing sensitive information with the intention of selling it to a third party or competitors, or even auctioning it on the dark web, where cybercriminals buy data to attack businesses.

When an employee has been fired, malicious behaviour might occur out of revenge. This can be conducted through their connections with other employees, but the worst-case scenario occurs if they still can log into their work account remotely because the organisation has not removed their ability to access corporate systems.

Employees can also act maliciously when unhappy with their jobs or ‘to get even’ with an employer who did not give them an expected raise or a promotion.

Another distinctive type of malicious action occurs when one or more insiders collaborate with an external actor to compromise an organisation. These incidents frequently involve cybercriminals recruiting one or more insiders to carry out different kinds of attacks. There may also be cases in which third parties, such as competitors or other interested parties, collaborate with staff to obtain the company’s sensitive data.

“Malicious actors can be discovered anywhere, in huge enterprises or small businesses. That is why businesses should build an up-to-date, resilient, transparent IT security system, uniting effective security solutions, smart security protocols and training programs for both IT and non-IT staff to safeguard against this threat. Additionally, it is crucial to implement products and solutions that will protect the organisation’s infrastructure. For example, our Kaspersky Endpoint Detection and Response Optimum contains Advanced Anomaly Control, which helps detect and prevent suspicious and potentially dangerous activities, both by an insider working in a company or an actor outside the organisation,” comments Alexey Vovk, Head of Information Security at Kaspersky.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.