
Internet Security: The Malicious Insider

“Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.”

– The Cybersecurity & Infrastructure Security Agency of the Government of the United States.

There is one internet security threat no one wants to discuss: the malicious insider.

The malicious insider, or group of malicious insiders, is the most insidious of internet threats because it comes from sources you should be able to trust. Some malicious insiders are out to harm an organization they feel has disrespected them, even though they choose to remain with the company.

Why do people become malicious insiders?

Once caught, most malicious insiders claim they were just absent-minded and forgot to log out of one system or another. One security agency found that personal vendettas were most often the cause. Some malicious insiders are bullies with a problem with a fellow employee. Others are revenge-seekers who have been passed over for promotions or feel unappreciated or underpaid.

In conversations with victims of malicious insiders, one spoke of an entire team that turned coat after losing parts of a project due to poor quality work. Sometimes, the mischief is just a matter of displaying power and level of access to company information.

Cleaning up site layouts and content after an attack on your company’s digital properties is annoying. Repairing client relationships and re-engaging potential clients after an attack has compromised corporate reputation and professional competence is more difficult. The damage caused by the realization that a colleague or colleagues are undermining employees’ work, organizational objectives, income, and job security may be irreparable.

What are the signs malicious insiders attacked your company?

There are technical and non-technical signs that a malicious insider, rather than an outside hacker, attacked your organization. The non-technical signs will generally inform you when you look more deeply at your technical data.

Three non-technical signs include:

1. Timing

The attacks are timed for when the company has only a skeleton crew at work. Most attacks occur during holiday periods, night shifts, and weekend shifts, when management is least likely to be on duty. They then remain unnoticed, and do the most damage, until regular business resumes.

2. Coincidences

Malicious insider attacks are repeated attacks. They coincide too often with events that make employees unhappy to be coincidences. Companies will see repeated attacks after events like the revocation of vacation requests, announcements that bonuses won’t be given, or when a contract is awarded to another department. The attacks may escalate or de-escalate according to the actor’s level of pettiness.

3. Shown access to employee data

When personal vendettas are at the heart of the attacks, the malicious insider’s access to employee data shows. Harassment via constant calls to an employee’s personal phone, or attacks on their personal portfolio website at the same time as the attacks on company sites, are just two common examples that individuals targeted by malicious insiders report.
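The timing and coincidence signs above can be checked against an incident log. The following is an added example, not part of the original article; the holiday list, staffed hours, workplace-event dates, incident records, and the five-day window are all constructed assumptions.

```python
from datetime import datetime, date, timedelta

# Constructed sample data (assumptions, not taken from the article).
HOLIDAYS = {date(2024, 12, 25)}
STAFFED_HOURS = range(8, 18)  # 08:00-17:59 local time, Monday to Friday
WORKPLACE_EVENTS = {          # the kinds of events the article lists as triggers
    date(2024, 12, 20): "bonus cancellation announced",
    date(2025, 1, 10): "contract awarded to another department",
}
INCIDENTS = [                 # constructed incident log: timestamp, what happened
    ("2024-12-21T02:14:00", "public website defaced"),
    ("2024-12-25T13:05:00", "CMS content deleted"),
    ("2025-01-11T23:40:00", "client portal layout altered"),
    ("2025-02-04T10:30:00", "staging site config changed"),
]

def is_off_hours(ts):
    """Timing sign: weekend, holiday, or outside staffed hours."""
    return (ts.weekday() >= 5 or ts.date() in HOLIDAYS
            or ts.hour not in STAFFED_HOURS)

def preceding_event(ts, window_days=5):
    """Coincidence sign: a workplace event within window_days before ts."""
    for day, label in sorted(WORKPLACE_EVENTS.items()):
        if timedelta(0) <= ts.date() - day <= timedelta(days=window_days):
            return label
    return None

def triage(incidents):
    """Annotate each incident with both non-technical signs."""
    rows = []
    for raw, what in incidents:
        ts = datetime.fromisoformat(raw)
        rows.append({"time": raw, "incident": what,
                     "off_hours": is_off_hours(ts),
                     "after_event": preceding_event(ts)})
    return rows

def insider_pattern(rows, threshold=0.5):
    """True when more than `threshold` of incidents show both signs."""
    both = sum(1 for r in rows if r["off_hours"] and r["after_event"])
    return bool(rows) and both / len(rows) > threshold

if __name__ == "__main__":
    rows = triage(INCIDENTS)
    for r in rows:
        print(r)
    print("pattern consistent with insider timing:", insider_pattern(rows))
```

A positive result is a triage signal for where to look in access and change logs, not an attribution to any individual.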

How can companies prevent attacks from malicious insiders?

Here are three tips:

1. Develop security hygiene practices

Team members generally develop the same habits. Make sure your organization has good security hygiene: all login credentials should be unique to each individual, easy for them to change, and never written down or shared in a common file. Sharing passwords to enable sharing of tasks and responsibilities is an all-too-common practice that gives malicious insiders opportunities to commit mischief without being discovered.

2. Emphasize transparency and accountability

While it is true there is no “I” in team, each team is composed of individuals who contribute their unique combination of skills and talents. It should always be clear who is working on what. No one should use composite or fake identities when accessing any tool or digital property. Aliases and pseudonyms have no place in testing, development, or tech maintenance tasks requiring unique login credentials.

3. Create opportunities for learning and professional/career development

The personal vendettas that are often behind the actions of a malicious insider started as an opportunity to learn. Everyone makes mistakes. Showing a willingness to correct those mistakes is a sign of a maturing professional. Offering access to a course and other opportunities to develop or improve a skill can prevent a work performance critique from becoming cause for hostility.

It is often said that an ounce of prevention is worth a pound of cure. That old saying is true for addressing the actions of malicious insiders too. Once events have occurred, many companies find it necessary to fire the entire team based on the actions of one actor or a few co-conspirators. It’s much easier, more financially viable, and more secure for companies to start from scratch with new employees who have more reason to be loyal and to take more pride in their work.

Next Steps

Everyone must learn more about Internet security to keep themselves, their co-workers, and their companies safe.

Everyone in all organizations must be responsible for ensuring a safe network, safe digital communications and media, and creating a safer workplace. Are you just beginning to learn about security issues on the job? Look at our Cyber Security Certification Course, which provides an overview of current issues and how to prevent troubles such as those outlined in this article.
