Insider Threats: Combating the Risks that Come From Within

Insider Threats are cybersecurity risks posed by a company’s internal members, who either intentionally or unintentionally compromise said organization’s security and data. These are usually folks with access to sensitive information such as customer databases and internal networks.

There are two classifications of insiders when it comes to insider threats — malicious and negligent. When we hear the term “insider threat”, we typically think of a malicious, disgruntled employee. These are individuals purposefully seeking out sensitive information or trying to hurt the company in some way, be it stealing information or bringing operations to a halt. While the image of an angry, sneaky employee first comes to mind, there are also those insiders who unknowingly cause harm to the company — these individuals, referred to as negligent insiders, fail to follow proper cybersecurity practices, thus putting the company at risk.

In the last two years, insider threats have grown by nearly 50%, according to a study conducted by the Ponemon Institute. The study also detailed the staggering fact that the monetary costs associated with insider threats have grown by 31% since 2018. Due to this, insider threats are at the top of many managers’ minds, and rightfully so. Not only can insider threats severely impact a business’s bottom line, but information that is essential to a company’s success can be compromised as well. One company which recently had to deal with this very issue is computer security software company McAfee.

McAfee Insiders Turn to Competitors

McAfee has filed a lawsuit alleging that three former sales representatives who left the organization to work for rival security company Tanium brought with them McAfee-specific trade secrets. The suit alleges that the sales reps took part in a conspiracy to take down the security giant when they left by stealing the “secret sauce” which underlies the sales tactics and customer strategies that have brought McAfee such success over the years. Once McAfee realized that three former members of the same sales team had left the company only to join the same team at a rival company, it conducted a forensic examination of the computers used by one of those sales reps and found that he had forwarded to himself and the others “…numerous confidential files while using unauthorized USB devices on his last day at McAfee.”

While this lawsuit has not yet been resolved in either party’s favor, such allegations by businesses against former employees are not uncommon, especially in cases such as this, where sales representatives who had managed massive accounts for the company (the team in question here managed millions of dollars in customer sales for the security giant) are essentially poached by rival companies. A very common trait of those who maliciously and intentionally pose an insider threat to a company is a lack of loyalty to their employer. While this may or may not be the case with the former McAfee employees, it is likely something the company will keep in mind for future sales teams.

Insider threats are damaging to a business on their own, whether by compromising data or halting productivity, but they also expose a company and signal to external cybercriminals where the cracks in its security foundation lie. Roblox, the online game-playing and creation platform, experienced just this sort of cyberthreat when one of its employees was used to gain vital information for a malicious hacker.

Roblox External Threat Enabled by Insider Weakness

Cyber threats are always looming, ready to attack any unsuspecting entity. When those threats are coming from those affiliated with the company, the organization’s structure is weakened from the inside out. This creates worsened vulnerabilities and opens gaps which external attackers can use to their advantage.

An unknown hacker apparently reached out to an insider at Roblox and paid them to look up company-specific information. The hacker then reached out to the Roblox management team and told them that this had happened and that the hackers had then used this information to phish customer support representatives to access the company database. This is an extreme case of a cyber-crime phenomenon known as social engineering. Social engineering occurs when a person, in this case an insider at Roblox, is influenced by a malicious actor who essentially uses the unsuspecting victim as a puppet to carry out their malicious acts or, as is true in this case, to provide them with otherwise inaccessible information.

This social engineer used their victim to gain access to information such as users’ email addresses and passwords. Not only this, but the hacker was able to make changes to gamers’ login information and processes, including the removal of two-factor authentication protections, a typical cybersecurity best practice when it comes to protecting accounts.

While the social engineering involved may make this more of a borderline malicious-vs-negligent insider case, it is an example of how threats posed by those inside a company can impact not only a company but its employees as well.

How to Combat Insider Threats

  • Teach employees how to avoid being a negligent insider: By emphasizing the importance of best cybersecurity practices, like not reusing passwords and avoiding suspicious emails, inadvertent insider threats can be avoided.
  • Look for the signs of a disgruntled employee: Disgruntled employees are the most likely to become malicious insiders who willingly try to do harm to the company. Pay attention to employees who constantly have negative opinions of the company, as they likely are not loyal to the company. Also be aware of obvious addictive behaviors in employees, as these employees may become desperate if presented with an outside threat such as that faced by Roblox.
  • Perform company-wide risk assessments often: Be aware of your company’s vulnerabilities and determine preventative ways to protect your most valuable data.
