Eleven percent of companies in SA suffered malicious actions by staff

January 2024 Information Security, News & Events

Cyber incidents caused by the human factor are usually attributed to occasional employee errors, but a more important element often overlooked is deliberate malicious behaviour by staff. A new Kaspersky study found that in the past two years, 82% of companies surveyed in South Africa have faced cyber incidents in different forms, 11% of which were caused by deliberate malicious behaviour by employees.

There are two main types of insider threats: unintentional and intentional. Unintentional or accidental threats are employee mistakes such as falling for phishing and other social engineering methods, or sending sensitive and confidential information to the wrong person, etc.

In contrast, intentional threats are perpetrated by malicious insiders who deliberately hack into their employer’s systems. They usually do so for financial gain from the sale of sensitive data or as an act of revenge. Malicious insiders aim to disrupt or stop an organisation's regular business operations, expose IT weaknesses and obtain confidential information.

Insiders with malicious intentions are the most dangerous employees who can provoke cyber incidents. Several factors complicate threats posed by their actions:

• Insiders have specific knowledge of an organisation’s infrastructure and processes, including understanding the information security tools used.

• They are already inside the company's network and do not need to penetrate the perimeter from outside via phishing, firewall attacks, etc.

• They have colleagues and friends within the organisation, so it is much easier for them to use social engineering.

• Insiders with malicious intentions are highly motivated to harm their organisation.

Financial gain is one of the main reasons employees commit malicious actions against an employer. Often, it means stealing sensitive information with the intention of selling it to a third party or competitors, or even auctioning it on the dark web, where cybercriminals buy data to attack businesses.

When an employee has been fired, malicious behaviour might occur out of revenge. This can be conducted through their connections with other employees, but the worst-case scenario occurs if they still can log into their work account remotely because the organisation has not removed their ability to access corporate systems.

Employees can also act maliciously when unhappy with their jobs or ‘to get even’ with an employer who did not give them an expected raise or a promotion.

Another distinctive type of malicious action occurs when one or more insiders collaborate with an external actor to compromise an organisation. These incidents frequently involve cybercriminals recruiting one or more insiders to carry out different kinds of attacks. There may also be cases in which third parties, such as competitors or other interested parties, collaborate with staff to obtain the company’s sensitive data.

“Malicious actors can be discovered anywhere, in huge enterprises or small businesses. That is why businesses should build an up-to-date, resilient, transparent IT security system, uniting effective security solutions, smart security protocols and training programs for both IT and non-IT staff to safeguard against this threat. Additionally, it is crucial to implement products and solutions that will protect the organisation’s infrastructure. For example, our Kaspersky Endpoint Detection and Response Optimum contains Advanced Anomaly Control, which helps detect and prevent suspicious and potentially dangerous activities, both by an insider working in a company or an actor outside the organisation,” comments Alexey Vovk, Head of Information Security at Kaspersky.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

A strong cybersecurity foundation
Milestone Systems Information Security
The data collected by cameras, connected sensors, and video management software can make a VMS an attractive target for malicious actors; therefore, being aware of the risks of an insecure video surveillance system and how to mitigate these are critical skills.

Surveillance and cybersecurity
Cathexis Technologies Information Security
Whether your business runs a security system with a handful of cameras or it is an enterprise company with thousands of cameras monitoring sites across a multinational organisation, you must pay attention to cybersecurity.

Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

What are MFA fatigue attacks, and how can they be prevented?
Information Security
Multifactor authentication is a security measure that requires users to provide a second form of verification before they can log into a corporate network. It has long been considered essential for keeping fraudsters out. However, cybercriminals have been discovering clever ways to bypass it.

SA's cybersecurity risks to watch
Information Security
The persistent myth is that cybercrime only targets the biggest companies and economies, but cybercriminals are not bound by geography, and rapidly digitising economies lure them in large numbers.

Cyber insurance a key component in cyber defence strategies
Information Security
[Sponsored] Cyber insurance has become a key part of South African organisations’ risk reduction strategies, driven by the need for additional financial protection and contingency plans in the event of a cyber incident.

Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Risk management: There's an app for that
Editor's Choice News & Events Security Services & Risk Management
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.