Insiders: who are they?

1 May 2019 Security Services & Risk Management, Information Security

Insiders are the business’s weakest link and breaches caused by employees are the costliest and the hardest to predict. This is especially true if we talk about accidental insiders who leak unintentionally and have limited knowledge of a corporate security policy. Their action may not only cause direct damage, but also catalyse fraudsters or hackers. In fact, according to the 2018 Insider Threat Report by Cybersecurity Insiders, more than 51% of companies are concerned about the unintentional insider attack.

Accidental insiders present the focus of the article; let’s consider some examples of the rapidly growing presence of this type of threat.

Sergey Ozhegov
Sergey Ozhegov

Risk groups of employees

People from risk groups (gamblers, debtors, addicts, and other risk groups) are often victims of blackmail. Under pressure, they choose to commit crimes in order to keep personal secrets.

A competitor of a transport company began to entice customers systematically at the stage of signing agreements. The risk manager of a company drew attention to the changed behaviour of one of the top managers. An in-depth analysis and notification of the violation of security policy used to identify relations between colleagues showed that a top manager was intimate with one of the employees.

The employee herself would actively communicate on social networks with an employee from a competing company. The risk manager suggested that having learnt about the ‘skeleton in the closet’, the competitors decided to blackmail the top manager and forced him to leak data. To test the hypothesis, the top manager was told deliberately false information about the upcoming transaction – and the competitors took advantage of this.

Ex-employees’friends

Ex-employees, especially those who left with a scandal or went to competitors, often try to find out confidential information through ex-colleagues with whom they maintain friendly relations and communicate on a daily basis or from time to time.

One of a retailer’s employees discussed the company’s short-term development plans with an unknown via Skype. It was found out that the account of the unknown belonged to a former sales manager of the company who left for a competitor but continued to keep close relations with some colleagues. The ex-employee was trying to learn about changes in the company’s policy and future development plans. The information security officer talked to the employee and explained the potential impact of this friendly communication.

Informal leaders

A positively minded informal leader will benefit, but a colleague with a negative attitude can harm a company, because the atmosphere in a team often depends on the mood he/she has. This can happen during a reorganisation of business processes: changes are not accepted easily and if an influential colleague initiates a strategy, a company can lose valuable employees.

The management of a service provider greatly changed the structure of the company and management processes. The changes were not sudden: the personnel were warned that the corporate policy was being reviewed. One of the company’s old-timers, in conversations with colleagues expressed dissatisfaction with top management, its decisions, and instigated disloyalty among colleagues.

The working climate suffered: some employees simply lost motivation, others began to have thoughts about leaving the company. Seeing the full picture of what was happening, the company took measures: explained the nature of changes, goals, and immediate plans. People got answers and the situation stabilised.

Disloyal employees

Disloyal employees are automatically included in the risk group, they pit staff against top management, damage your company’s corporate reputation, delete, forge, leak or steal company documents. Outraged employees can pour out their negative emotions, and not only on their colleagues. In a blaze of anger, they leave devastating reviews on third-party sites and thereby damage the company’s reputation. Moreover, the working climate is directly related to the productivity of employees, and therefore the company’s profit.

One of the employees of a product company was outraged by the incentive system and other aspects of the relationship with the management. The troublemaker had worked in the company for a long time and gained authority, so many employees respected his words. As the relationship with the top management was heating up, the employee could hardly restrain his emotions and, eventually, almost openly pitted staff against the top management.

The investigation showed that the dissatisfaction of the team began to increase. The employees started to write negative comments on review sites. As a result, the agitator was reprimanded, and the HR department worked with the team to restore loyalty to the company.

The last two cases are vivid illustrations of employees becoming victims of manipulation and unwitting accomplices in reputation damage.

Inadvertent insider threats are evolving in multiple directions, that’s why risk assessment shouldn’t be a one-time thing and risk management should be dynamic too. Although accidental losses due to human activities are often unanticipated, there are methods that can safeguard a company against internal incidents:

• Enable data protection: The most valuable corporate assets are the most vulnerable to both intentional and unintentional insiders. Ongoing employee monitoring will ensure intellectual property safety and confidential data protection against all categories of insiders.

• Adopt behavioural analytics: A general data safety approach including basic instruments is not enough to proactively identify a potential insider. Even a DLP system is not that powerful, so we as a risk management product developer offer automated profiling for our clients.

Understanding many kinds of human behaviour is a major advantage in creating real safeguards against insider risks. With tools for employee monitoring, data protection and user behavioural analytics, it’s possible to perform advanced protection against both inadvertent and criminal insiders.

For more information contact Condyn, +27 12 683 8816, www.condyn.net





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Cybersecurity and insurance partnership for sub-Saharan Africa
Sophos News & Events Information Security Security Services & Risk Management
Sophos and Phishield Announce first-of-its-kind cybersecurity and insurance partnership for sub-Saharan Africa. The SMARTpod podcast, discussing the deal and the state of ransomware in South Africa and globally, is now also available.

Read more...
Corporate and academic teams can register for Kaspersky contest
Kaspersky News & Events Information Security
Kaspersky has announced the registration opening for its new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation.

Read more...
FICA in the era of deepfake and AI-driven fraud
Security Services & Risk Management
A growing fraud strategy involves leveraging AI to produce highly convincing fake images, videos, and audio, commonly referred to as deepfakes, which are used to impersonate real individuals and spread misleading or false information.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...
ISPA’s take-down process protects from local scams
News & Events Information Security
During the recent school holidays, parents could rest a little easier knowing that ISPA, SA’s official internet industry representative body, is removing an average of three to four problematic websites from the local internet every week.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.