Companies have become increasingly aware of the risk malicious insiders pose, and with a potential economic downturn that will drive significant layoffs, it has never been more important for business leaders to understand the impact malicious insiders can have on a company’s security posture.
Employees who leave the company, voluntarily or not, present a real and ongoing risk for companies in today’s hybrid world. Often the individuals planning to leave a company aren’t pleased with their existing work environment and disgruntled employees usually carry a chip on their shoulder due to the company's inability to alleviate any of their concerns.
These feelings escalate even more when it comes to unexpected layoffs and can be a powerful driver of insider threats, leading to the exfiltration of sensitive information.
The continued rise of the super malicious insider presents a very real and scary risk for businesses in 2023. Because these individuals’ technical proficiency and acute awareness of the company's existing cyber security architecture, solutions and processes surpass the capabilities of your average malicious insider, they are better able to evade detection.
Here are some of the scariest real-world examples of the super malicious threats the DTEX team has uncovered:
Ghost employee accounts
An individual maintained access to corporate systems and data after leaving their company by proactively creating another account prior to leaving. This was done because the individual suspected that the business would keep a closer eye on the activity of employees leaving the business for suspicious data loss or risky behaviours.
This persistent access was then used to steal customer data and sabotage the company’s operational pipeline by modifying purchase orders months after the individual was let go.
The disgruntled employee
As a result of perceived unfair treatment, an employee decided to steal their supervisor’s personal details (e-mail, phone number, etc) and leveraged the information to sign into various spam sites.
This resulted in the employer and their loved ones experiencing ongoing harassment, significantly disrupting their day-to-day lives. Ultimately, the incident forced the family to change all of their personal information.
The social engineering scare
Another incident identified by the DTEX i³ team involved a disgruntled employee who socially engineered another employee to steal hundreds of thousands of customer records. In this example, the existing identity and access management security solution had been correctly configured to allow only authenticated access, but an authorised download followed by a shared link using a company-approved file-sharing utility was all that was needed to gain unauthorised access.
Once the malicious employee gained access to the records, they archived the information and saved it to the draft’s folder of a personal webmail account for easy access and exfiltration. After the malicious insider secured a position at a new company, they sold the information on the dark web.
Super malicious insider threats can be detrimental to enterprises as these incidents can directly impact employees’ livelihoods by diminishing the company's brand and/or causing irreparable damage to an individual’s reputation. These examples should serve as a wake-up call to security leaders that traditional DLP, UBA and UAM tools aren’t sufficiently mitigating malicious insider threats.
Share
J2 Software
J2 Software is a cyber security focused technology business founded in 2006 to address the need for effective cybersecurity, governance, risk and compliance solutions that are practical and purpose built.
The continued rise of cybercrime, identity theft and confidential data leakage drives the requirement for J2 Software’s managed cyber security service offerings, not only for competitive advantage, but as an absolute business necessity. The company offers managed cyber security services for every business. We ensure that you have greater visibility to identify risky behaviour and enhance the capability to respond to prevent losses.
J2 Software delivers essential tools that empower organisations to take control of their technology spend. The company's hand-picked solutions are combined with our services to provide complete visibility over its customers' environment, while reducing risk and lowering costs.
J2 Software is helping improve the cyber resilience of our customers and provide services to more than 350 customers on 4 continents.