As the pace of technological advancement quickens and the number of valuable data points that companies gather continues to grow at a breakneck pace, so too does the threat that malicious forces will target that technology or data. It’s often assumed that the biggest such threats come from outside of companies, but insiders may, in fact, be a greater threat overall, whether their actions are intentional or not.
Retired FBI agent and current corporate investigator Martin Jerge warns that even the most powerful cyber threat detection systems can be undone by just a single insider.
The Ponemon Institute’s 2018 Cost of a Data Breach Study found that 48% of breaches were due to criminal attacks, many with insider components, while insider-driven human error and IT or business process failures accounted for the other 52%. Furthermore, data from IBM found that 60% of cyber-attacks are due to insider threats.
Companies Aren’t Prepared for or Even Aware of the Insider Threat
Yet few companies are prepared to handle insider threats despite the occurrence of thousands of internal breaches every year. In fact, most don’t even see them as much of a threat at all despite the data.
According to an insider threat study carried out by IS Solutions, only 15% of the human resources people surveyed, who should be leading the charge on educating their employees about security-related threats, believe that the company’s employees are even a top-3 security threat.
Most of those same companies have a dearth of procedures and security measures in place to protect themselves against either intentional or unintentional insider threats. Password sharing is rampant and widely accepted at companies, with greater than 50% of U.S. and UK desk employees and senior management alike believing that the practice posed no risk.
That’s a huge mistake, says Martin Jerge, the former agent with the Federal Bureau of Investigation, who states that having a workplace culture that is tolerant of password sharing greatly increases companies’ exposure to and risk from spear-phishing attacks. A staggering 88% of global organizations have been targeted by such attacks, according to survey data shared in the 2020 State of the Phish report.
There are also the intentional insider threats, which are being fed by a burgeoning black market in Asia and elsewhere that is willing to pay exorbitant fees for illicit data and trade secrets culled by corporate insiders, particularly in the banking and telecommunications industries.
E-commerce powerhouse Amazon is just one example of a company that has dealt with insider threats recently, with some of its employees reportedly selling illicit services to brokers. Among other things, some of its employees have been suspected of deleting bad product reviews, reinstating banned accounts, and sharing customer information and internal data with brokers, all in exchange for lucrative fees.
Apple and DuPont are two other major corporations that have recently dealt with suspected insider threat activity. In the case of Apple, a Chinese employee was arrested after attempting to return to China with a confidential 25-page document in tow relating to some of Apple’s autonomous vehicle technology.
Possible Indicators of Insider Threat Activity
The cost of insider threats is rising at a rapid pace, which is why companies need to do more to monitor and protect themselves from their occurrence. Martin Jerge lays out a series of warning signs among employees which indicate they could pose an insider threat to the company.
Negative Performance Reviews – If an employee isn’t adequately performing their duties, and particularly if this is a relatively new phenomenon, that could be a sign that they now have competing interests while on the job. That could include covertly copying files, performing other functions that aren’t part of their job or trying to gain access to unauthorized areas outside their current assignment when they should be attending to their regular job functions.
Employee Financial Problems – This isn’t an indicator of insider threat activity in and of itself, but could make an employee more susceptible to the allure of selling data or secrets for the right price, as further detailed in the following section.
Unusual Financial Gain – Malicious insiders in industries like banking could be making as much as 10x their regular salary through their illicit activities according to Trustwave’s Ziv Mador. This can be too tempting to pass up for low-level employees making modest salaries, especially those living in regions with substandard insider threat enforcement. If employees appear to be living well beyond the means of their salary, it’s entirely likely they have an illicit income stream derived from insider threat activity.
Unusual Working Hours – If an employee is working unusual hours, it may indicate one of two possibilities: that they have other obligations which take precedence during more routine hours, or that they’re working unusual hours in the hopes of having less oversight so they can engage in illicit activities undetected.
Attempts to Access Information Beyond Current Job Assignment – These attempts may appear innocuous enough at first glance and the employee will probably have a reasonable excuse for the attempt. Nonetheless, they could be major warning signs that the employee is testing the company’s security defenses or that they have a very specific purpose for the information they’re trying to access.
Recurring Leaves of Absence from Work – Repeated leaves of absence could indicate that an employee needs to frequently travel, leaving them unable to attend work, or that they need to consistently free up more time to devote to other tasks, either of which could represent an insider threat.
Unusual Foreign Travel – In conjunction with the previous point, if it’s known that an employee is frequently taking unusual trips, and especially if they’re repeatedly visiting the same place, that could be a sign that they’re regularly meeting with a business associate and/or making deliveries of important goods, such as their employer’s data.
Resigning from the Company – A final warning sign is when an employee suddenly resigns from a company, particularly if they cite an impending overseas move. There could be various perfectly valid reasons for doing so, but it could also point to the culmination of the employee’s illicit activity and the potential threat they pose to the company, says Martin Jerge. An employee may attempt to take stolen information to a new job and company or use it to establish their own business. An abrupt resignation may also be an attempt to avoid any possible reprisal.