Which of your employees are out to get you? Tips for identifying and understanding malicious insiders

Not to sound like a broken record, but protecting your organization’s information is a pretty big deal. Recent data breaches have cost corporations millions of dollars, and the trust of thousands of people. Like we’ve pointed out in the past, many of these breaches are caused by your employees and the other people who have access to your systems – the insiders. These insiders fall into four broad categories – and two of them aren’t even threatening your security on purpose. Those inadvertent insiders are the categories Applogie protects against. 

But what about the other two categories? The malicious insiders and the professional insiders? There are fewer people who are actively scheming to steal your company data, but they are out there – and they’re motivated. 

Okay, so the Applogie platform isn’t going to track down the people who are hellbent on stealing your information, but we’re experts in data protection, and we want to make sure you’re educated about all the ways in which your data could slip through the cracks. That’s why we want to run through some tips for spotting and understanding insider threats. It’s time to get to know your malicious insiders. 

Who are they? 

Research done by Carnegie Mellon University’s CERT Insider Threat Center states that “the employees that pose the greatest risk for insider threat/theft include technical staff such as engineers and scientists, managers, sales personnel and programmers,” and warns organizations to pay particularly close attention to employees with administrative rights and specialized users of IT systems, because “these employees know the strengths and vulnerabilities of the systems.”

What’s their motivation?

The CERT Insider Threat Center has identified four categories of motivation for someone stealing corporate data: 

  • IT sabotage: When an insider wants to steal code, proprietary programs or other IT assets as retribution against the company for a perceived slight.
  • Business advantage: When an insider takes corporate data to use as an advantage at a new job (probably with one of your competitors) or to start a new business of their own. 
  • Financial gain: When an insider steals Social Security numbers, credit card data or banking information in order to defraud your company of money. 
  • Espionage: When an insider is spying on your company and taking its information to “the enemy” for corporate advantage, political gain, or financial reward. 

How do they do it? 

Malicious insiders steal and move corporate data in a variety of ways, including: 

  • Over email: Email is one of the easiest ways to transfer smaller amounts of data (less than 10 GB). 
  • Via FTP (File Transfer Protocol): Malicious insiders who know what they’re doing are likely to upload stolen data to an FTP site.
  • With removable media: Physically transferring data to a USB drive, cell phone, tablet or external hard drive is an easy way to copy data and carry it out of the office. It’s also tough to track and trace. 
  • By accessing your systems remotely: If your data is in the cloud (and it probably is), employees likely have access to it from anywhere, meaning they can download and save it to personal devices, machines and servers. 
  • On paper: Sure, it’s old-school, but it still works. Malicious insiders can easily grab paper documents containing your information and pass them into the wrong hands. 
  • Taking pictures and screenshots: Taking a picture of information on a computer screen with a personal cell phone is one of the easiest, quickest ways to get proprietary data off-site, and it’s nearly impossible to track. 

How do you spot a malicious insider? 

A 2019 Security Today article points out risk signs that an employee might be up to no good or desperate enough to feel that stealing from your company is their best option. These risk signs include: 

  • Extreme interest in matters outside their role and job duties
  • Working odd hours without authorization
  • Excessive negative commentary about the organization
  • Signs of drug or alcohol abuse, financial difficulties, gambling, and poor mental health

As with all cloud and cybersecurity matters, reducing your risk of a data breach by a malicious insider isn’t just one person’s or one department’s job. 

“HR and IT security teams should be vigilant in the wake of significant organizational events, such as a layoff or if an employee believes they are going to receive a promotion and do not,” says Security Today. “Most important is coordination between HR and IT security around these events.”

Of course, it’s important to remember that two-thirds of total data records compromised in 2017 were the result of inadvertent insiders. So while there’s still a significant chance of purposeful, malicious breach, it’s probably more important to defend your organization against the people who don’t know any better. Here are some steps to take to do so, and here’s how the Applogie platform puts automated protection in place. Try it today for free!
