Malicious insider risk is an unpleasant but ongoing situation that every business has to deal with daily. Both current and former employees can intentionally damage a company, and just one disgruntled employee can wreak havoc fast. However, malicious insider actions are responsible for an estimated 25% of confirmed data breaches. There are also risks for ransomware deployment, credential compromise, and more nightmare scenarios. They explored how malicious insiders can explain why an employee might become a malicious insider.

What do malicious insiders do to harm companies?

There are myriad ways for an employee to do damage. Unhappy former employees can damage their employers when they leave by stealing data or proprietary information. According to a report by Gigamon, 35% of all ransomware attacks were caused by a malicious insider. Current employees who need money or feel slighted in some way can do nasty things like selling their credentials on the dark web. Malicious actors can also directly unleash a cyberattack by deploying malware themselves.

The Top Malicious Insider Actions:

• Exfiltrating Data 62%
• Privilege Misuse 19%
• Data Aggregation/Snooping 9.5%
• Infrastructure Sabotage 5.1%
• Circumvention of IT Controls 3.8%
• Account Sharing 0.6%

Source: Statista

Disgruntled employees steal data:

According to a report by the Palo Alto Networks, 75% of insider threat cases involved a disgruntled former employee who left with company data, destroyed company data, or accessed company networks after their departure. Malicious insider threats like those are especially problematic as companies get wind of the crime long after it’s committed, which can be detrimental to their future. Employees are most likely to steal data like intellectual property within 90 days of their resignation, with 70% of insider intellectual property thefts occurring in that window.

Offboarding failure bumps up credential compromise risk:

Most companies have security policies and training as part of their onboarding process. But security isn’t just an onboarding concern. It’s a critical step in offboarding to reduce insider risk. Over 90% of malicious insider incidents are preceded by employee termination or layoff, even if an employee leaves an organization on good terms. Every former employee who leaves a company yet still holds valid credentials with access permission is a security risk. The higher up the chain that employee is, the more significant the danger is that unauthorized access using those credentials could cause considerable damage quickly – 56% of employees use their continued digital access after their departure to harm their former employer.

In a 2021 study, researchers determined that after their employment ended, many former workers still had access to the systems, tools, and solutions that they used at their former job, including old email accounts (35%), work-related materials on a personal statement (35%), social media (31%), software accounts (31%) or shared files or documents (31%). Many also retained access to things like accounts with a third-party system (29%), another employee’s account (27%), a backend system (25%), and the company’s financial information (14%). Altogether, 83% of former employees surveyed said they continued to access accounts at their previous place of employment even after leaving the company.

It’s time to tighten your cybersecurity screws:

Cybersecurity is a continuous process and a thankless job. People remember you for one breach that your organization endured rather than the thousands of attempts that your organization could foil. Given the number of cyber threats emerging from different quarters, it’s high time you look hard at your cyber defenses and eliminate any chinks in your armor. Malicious insider attacks are hard to spot and take longer to remediate than attacks from other vectors. A Ponemon Institute report reveals that it takes 77 days to detect and contain an insider attack on average.

One of the main questions security leaders in organizations should ask is: Is my organization ready to handle malicious insider threats? In a recent survey, 95% of respondents (and 99% of CISOs/CIOs) viewed the malicious insider as a significant risk to a business.

Building a solid security culture bolstered by a robust security awareness training program is critical for reducing non-malicious and malicious insider threats. Companies with regular security awareness training have 70% fewer security incidents. Organizations should keep an eye on the dark web since that’s where an employee would go to sell their credentials or steal data. Bad actors will gladly pay to get a hold of a legitimate network credential that allows them to quickly gain entry into a company’s systems and efficiently fulfill their nefarious intentions.

Source: ID Agent