How Do Malicious Insiders Damage Companies? - Tecbound Technology

How Do Malicious Insiders Damage Companies?

Malicious insider risk is an unpleasant but ongoing situation that every business has to deal with daily. Both current and former employees can intentionally damage a company, and just one disgruntled employee can wreak havoc fast However it happens, malicious insider actions are responsible for an estimated 25% of confirmed data breaches. They’re also risks for ransomware deployment, credential compromise and more nightmare scenarios. They were exploring how malicious insiders can shed light on why an employee might become a malicious insider.

What do malicious insiders do to harm companies?

There are myriad ways for an employee to do damage. Unhappy former employees can damage their employers when they leave by stealing data or proprietary information. According to a report by Gigamon, 35% of all ransomware attacks were caused by a malicious insider. Current employees who need money or feel slighted in some way can do nasty things like selling their credentials on the dark web. Malicious actors can also directly unleash a cyberattack by deploying malware themselves.

The Top Malicious Insider Actions:

  • Exfiltrating Data 62%
  • Privilege Misuse 19%
  • Data Aggregation/Snooping 9.5%
  • Infrastructure Sabotage 5.1%
  • Circumvention of IT Controls 3.8%
  • Account Sharing 0.6%

Source: Statista

Disgruntled employees steal data:

According to a report by the Palo Alto Networks, 75% of insider threat cases involved a disgruntled former employee who left with company data, destroyed company data, or access company networks after their departure. Malicious insider threats like those are especially problematic as companies get wind of the crime long after it’s committed, which can be detrimental to their future. Employees are most likely to steal data like intellectual property within 90 days of their resignation, with 70% of insider intellectual property thefts taking place in that window.

Offboarding failure bumps up credential compromise risk:

Most companies have security policies and security training as part of their onboarding process. But security isn’t just an onboarding concern. It’s a critical step in offboarding to reduce insider risk. Over 90% of malicious insider incidents are preceded by employee termination or layoff, even if an employee is leaving an organization on good terms. Every former employee who leaves a company yet still holds a set of valid credentials with access permission is a security risk. The higher up the chain that employee is, the larger the risk is that unauthorized access using those credentials could cause major damage fast – 56% of employees use their continued digital access after their departure to harm their former employer.

In a 2021 study, researchers determined that after their employment ended, many former workers still had access to the systems, tools and solutions that they used at their former job including old email accounts (35%), work-related materials on a personal account (35%), social media (31%), software accounts (31%) or shared files or documents (31%). Many also retained access to things like accounts with a third-party system (29%), another employee’s account (27%), a backend system (25%) and the company’s financial information (14%). Altogether, 83% of former employees surveyed said they continued to access accounts at their previous place of employment even after leaving the company.

It’s time to tighten your cybersecurity screws:

Cybersecurity is a continuous process and a thankless job. People remember you for one breach that your organization endured than the thousands of attempts that your organization was able to foil. Given the number of cyber threats emerging from different quarters, it’s high time you take a hard look at your cyber defences and eliminate any chinks in your armour. Malicious insider attacks are hard to spot and take longer to remediate than attacks from other vectors. A Ponemon Institute report reveals that it takes on average 77 days to detect and contain an insider attack.

One of the main questions security leaders in organizations should ask is: Is my organization ready to handle malicious insider threats? In a recent survey, 95% of respondents (and 99% of CISOs/CIOs) viewed the malicious insider as a significant risk to a business.

Building a strong security culture bolstered by a robust security awareness training program is critical for reducing non-malicious and malicious insider threats. Companies that engage in regular security awareness training have 70% fewer security incidents. Organizations should keep an eye on the dark web since that’s where an employee would go to sell their credentials or steal data. Bad actors will gladly pay to get a hold of a legitimate network credential that allows them to quickly gain entry into a company’s systems and easily fulfill their nefarious intentions.

Source: ID Agent

Free Guide

16 Questions You MUST Ask Before Hiring Any IT Company