Insiders: who are they?

1 May 2019 Security Services & Risk Management, Information Security

Insiders are the business’s weakest link and breaches caused by employees are the costliest and the hardest to predict. This is especially true if we talk about accidental insiders who leak unintentionally and have limited knowledge of a corporate security policy. Their action may not only cause direct damage, but also catalyse fraudsters or hackers. In fact, according to the 2018 Insider Threat Report by Cybersecurity Insiders, more than 51% of companies are concerned about the unintentional insider attack.

Accidental insiders present the focus of the article; let’s consider some examples of the rapidly growing presence of this type of threat.

Sergey Ozhegov
Sergey Ozhegov

Risk groups of employees

People from risk groups (gamblers, debtors, addicts, and other risk groups) are often victims of blackmail. Under pressure, they choose to commit crimes in order to keep personal secrets.

A competitor of a transport company began to entice customers systematically at the stage of signing agreements. The risk manager of a company drew attention to the changed behaviour of one of the top managers. An in-depth analysis and notification of the violation of security policy used to identify relations between colleagues showed that a top manager was intimate with one of the employees.

The employee herself would actively communicate on social networks with an employee from a competing company. The risk manager suggested that having learnt about the ‘skeleton in the closet’, the competitors decided to blackmail the top manager and forced him to leak data. To test the hypothesis, the top manager was told deliberately false information about the upcoming transaction – and the competitors took advantage of this.


Ex-employees, especially those who left with a scandal or went to competitors, often try to find out confidential information through ex-colleagues with whom they maintain friendly relations and communicate on a daily basis or from time to time.

One of a retailer’s employees discussed the company’s short-term development plans with an unknown via Skype. It was found out that the account of the unknown belonged to a former sales manager of the company who left for a competitor but continued to keep close relations with some colleagues. The ex-employee was trying to learn about changes in the company’s policy and future development plans. The information security officer talked to the employee and explained the potential impact of this friendly communication.

Informal leaders

A positively minded informal leader will benefit, but a colleague with a negative attitude can harm a company, because the atmosphere in a team often depends on the mood he/she has. This can happen during a reorganisation of business processes: changes are not accepted easily and if an influential colleague initiates a strategy, a company can lose valuable employees.

The management of a service provider greatly changed the structure of the company and management processes. The changes were not sudden: the personnel were warned that the corporate policy was being reviewed. One of the company’s old-timers, in conversations with colleagues expressed dissatisfaction with top management, its decisions, and instigated disloyalty among colleagues.

The working climate suffered: some employees simply lost motivation, others began to have thoughts about leaving the company. Seeing the full picture of what was happening, the company took measures: explained the nature of changes, goals, and immediate plans. People got answers and the situation stabilised.

Disloyal employees

Disloyal employees are automatically included in the risk group, they pit staff against top management, damage your company’s corporate reputation, delete, forge, leak or steal company documents. Outraged employees can pour out their negative emotions, and not only on their colleagues. In a blaze of anger, they leave devastating reviews on third-party sites and thereby damage the company’s reputation. Moreover, the working climate is directly related to the productivity of employees, and therefore the company’s profit.

One of the employees of a product company was outraged by the incentive system and other aspects of the relationship with the management. The troublemaker had worked in the company for a long time and gained authority, so many employees respected his words. As the relationship with the top management was heating up, the employee could hardly restrain his emotions and, eventually, almost openly pitted staff against the top management.

The investigation showed that the dissatisfaction of the team began to increase. The employees started to write negative comments on review sites. As a result, the agitator was reprimanded, and the HR department worked with the team to restore loyalty to the company.

The last two cases are vivid illustrations of employees becoming victims of manipulation and unwitting accomplices in reputation damage.

Inadvertent insider threats are evolving in multiple directions, that’s why risk assessment shouldn’t be a one-time thing and risk management should be dynamic too. Although accidental losses due to human activities are often unanticipated, there are methods that can safeguard a company against internal incidents:

• Enable data protection: The most valuable corporate assets are the most vulnerable to both intentional and unintentional insiders. Ongoing employee monitoring will ensure intellectual property safety and confidential data protection against all categories of insiders.

• Adopt behavioural analytics: A general data safety approach including basic instruments is not enough to proactively identify a potential insider. Even a DLP system is not that powerful, so we as a risk management product developer offer automated profiling for our clients.

Understanding many kinds of human behaviour is a major advantage in creating real safeguards against insider risks. With tools for employee monitoring, data protection and user behavioural analytics, it’s possible to perform advanced protection against both inadvertent and criminal insiders.

For more information contact Condyn, +27 12 683 8816,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

A standards-based, app approach to risk assessments
Security Services & Risk Management News & Events
[Sponsored] Risk-IO is web-based and designed to consolidate and guide risk managers through the whole risk process. In this article, SMART Security Solutions asks Zulu Consulting to tell us more about Risk-IO and how it came to be.

Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Integrate digital solutions to reduce carbon footprint
Facilities & Building Management Security Services & Risk Management
As increasing emphasis is placed on the global drive towards net zero carbon emissions, virtually every industry is being challenged to lower its carbon footprint and adopt sustainable practices.

Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

Visualise and mitigate cyber risks
Security Services & Risk Management
SecurityHQ announced its risk and incident management capabilities for the SHQ response platform. The SHQ Response Platform acts as the emergency room, and the risk centre provides the wellness hub for all cyber security monitoring and actions.

Eighty percent of fraud fighters expect to deploy GenAI by 2025
Security Services & Risk Management
A global survey of anti-fraud pros by the ACFE and SAS reveals incredible GenAI enthusiasm, according to the latest anti-fraud tech study by the Association of Certified Fraud Examiners (ACFE) and SAS, but past benchmarking studies suggest a more challenging reality.