Insider threats: what is behind the employee-led cybersecurity disaster

As external threats continue to dominate headlines, we take a look at the insiders that are frequently proving much more dangerous.

When it comes to cybersecurity, the rhetoric for organisations has, for a long time, centred on protection from all the external threats that might be looking to crack your systems and harvest your all-important critical data. However, as companies grow beyond borders, employ a multitude of contractors and third-party suppliers, and hire/let go of swathes of employees, the potential capacity of insiders to cause havoc grows quite rapidly. Turning a blind eye to the growing insider threat can be a recipe for disaster, as attackers within the perimeter will find it easier than anyone to move laterally within the network, potentially leading to huge losses of personal and critical business data.

While the notion of the insider threat has been around for a while now, the issue is becoming increasingly top-of-mind for the enterprise. In recent times, the volume and frequency of security breaches caused by disgruntled, careless, or negligent employees have risen significantly. According to a recent study from Bitglass, more than two thirds (73%) of surveyed respondents expressed their belief that insider attacks had become more frequent over the past year. IBM's 2018 X-Force Threat Intelligence Index [gated] backs up these findings, recording that around 60% of cyberattacks are caused by insider threats. Meanwhile, the Ponemon Institute estimates that the average cost of insider cyber-attacks equated to about (USD) $8.76 million in 2017, compared to the $3.86 million average price tag of all types of data breaches in the same year.

We are seeing these statistics manifest in large, high-profile security breaches occurring at some of the world's most prolific companies. An example can be found at Tesla, which recently was subject to ‘sabotage’ by a rogue employee who broke into the company's manufacturing operating system and sent highly sensitive data to unknown third parties. In conjunction, a former Goodwill employee stole $93,000 from the charity by faking payroll records, and an Apple employee was charged with stealing trade secrets after allegedly planning to sell the company's secret data regarding self-driving cars. Other cases are less malicious on the employee side though, involving things like clicking on phishing links or reckless, non-intentional activity that leads to major gaffes. This was evident, for example, when an employee of Australian grocery chain Woolworths accidentally emailed out $1 million in gift cards to customers, along with customer data including names and email addresses.

These are just some examples that highlight the importance of employee-based cyber breaches. With this in mind, and as things like nation-state and DDoS attacks continue to dominate the headlines, it's important to take stock of what is easily the most prolific cause of cyber-attacks today: the human element.

Types of insider threats

Generally, it's possible to broadly identify the two main groups of insider threats. AT&T outlines both types of insider in its "Decoding the Adversary" report, defining them as either ‘malicious insiders’ or ‘unintentional insiders’. These insiders can either be internal employees, or external contractors/third-party business partners, the latter of which can be a real headache for organisations with large supply chain or partner networks.

According to AT&T, the malicious insiders are simply rogue employees that look to use their access to the company network for personal gain. AT&T illustrates the malicious insider by pointing to a case it investigated at the regional headquarters of a state government agency, where a network manager was sifting through official databases for embarrassing information about people who bullied him in high school, in order to blackmail them. While in that case the primary motivation was personal revenge, malicious behaviour can also stem from things like hacktivism, espionage, attempting to achieve a competitive business advantage, and perhaps most commonly, money. On the latter motivation, AT&T describes a case where an employee at a major financial institution sold customer information - including names, bank account numbers, and PIN codes - to outside criminal groups, who then used the data to commit $10 million in fraud.
