There are several different ways your current employees can knowingly or inadvertently bypass your security; while all can wreak havoc with your systems and cause irrevocable damage, those with malicious intent in mind are by far the worst. Understanding the different levels of threat and what may motivate these insiders can help you create strategies that truly mitigate your risk.
Careless or negligent insiders are simply not paying attention or not correctly trained to handle the data they have access to. They can accidentally erase data, modify important information or otherwise harm your systems due to incompetence. If not identified, these benign insiders could be exploited by others and cause even greater harm to your business.
Exploited insiders are trusted employees who can be tricked or cultivated by others to unwittingly expose or steal your sensitive data. Whether they are helping a “friend” or handing over passwords or data for cash or rewards, the exploited insider can cause significant harm to your systems.
Malicious insiders may be rare, but they also cause the highest level of damage. These individuals knowingly steal information or intentionally damage your systems, and the longer they go undetected, the more damage they can do. Edward Snowden, American Semiconductor employee Dejan Karabasevic and Motorola worker Hanjuan Jin each caused significant damage to the organization they worked for, while maintaining the guise of a loyal team member.
What Motivates the Malicious Insider?
What makes a trusted employee turn bad – and willingly help others harm your business? Insider Edward Snowden cited activism and political reasons for releasing the documents he made public – and he had the ability to easily release and distribute the data he stole. Not all malicious insiders are activists; they release information or seek to harm your systems for a variety of reasons, including:
- Financial rewards or incentives from a third party; American Semiconductor employee Dejan Karabasevic stole source code from the company during a three-month period and delivered it to a third party. His reward? Women and cash.
- Revenge on you or your business for a perceived slight
- Whistleblowing or accusing your business of wrongdoing
- Coercion due to threats by a third party
According to a recent report by the Software Engineering Institute (SEI), the inside attacker may be suffering financial difficulties, feel disgruntled with your business or a supervisor or be described as generally difficult to work with. In many cases, the malicious insider develops negative feelings about your business when an offer or opportunity emerges; he may feel better about damaging a business he feels is “bad” or harming others in some way.
Spotting the Malicious Insider
According to the FBI, malicious insiders do display some symptoms before discovery, even though they are often fully trusted, fully entrenched in your business and performing their jobs as usual. Some common signs of trouble include:
- Employees who are interested in or exploring classified or proprietary information that is not related to their job duties or area of expertise
- Employees who take information home or remove it from your premises without authorization or a legitimate reason to do so
- Workers who remotely access your network at odd times, who suddenly begin accessing your network remotely (without a legitimate change in work circumstances or reason) or who access the network while on vacation. Motorola employee Hanjuan Jin was apprehended while attempting to leave the country with over a thousand privileged documents in her possession.
- Employees who suddenly have an influx of cash, luxury possessions or international travel without explanation. A worker who makes $40,000 a year who shows up with a $200,000 sports car may have just inherited money or won the lottery – or he could have just sold your valuable data.
- Employees who have recently been demoted, disciplined, disappointed at work or passed over for a promotion they felt they deserved might be more vulnerable to coercion
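The remote-access signs in the list above (odd hours, a sudden start of remote access, logins while on vacation) are the ones that can be checked directly against VPN logs. The following is an added example, not part of the original article; the log format, leave calendar, working hours and baseline date are all constructed assumptions.

```python
from datetime import datetime, date

# Constructed sample data: remote-access (VPN) logins as "ISO timestamp,user".
VPN_LOG = """\
2024-03-04T09:12:00,alice
2024-03-05T10:40:00,alice
2024-03-12T14:05:00,alice
2024-03-13T02:47:00,bob
2024-03-14T03:10:00,bob
2024-03-16T11:30:00,carol
2024-03-19T10:15:00,alice
"""
# Constructed HR leave calendar: user -> list of (first day, last day), inclusive.
LEAVE = {"alice": [(date(2024, 3, 18), date(2024, 3, 22))]}

BASELINE_END = datetime(2024, 3, 11)  # assumption: earlier logins form the baseline
WORK_HOURS = range(7, 19)             # assumption: 07:00-18:59 local time, Mon-Fri

def parse(log):
    """Yield (timestamp, user) pairs from the constructed log format."""
    for line in log.strip().splitlines():
        ts, user = line.split(",")
        yield datetime.fromisoformat(ts), user.strip()

def flag_logins(log, leave, baseline_end=BASELINE_END):
    """Return {(user, timestamp): [reasons]} for logins matching the indicators."""
    events = sorted(parse(log))
    baseline_users = {u for ts, u in events if ts < baseline_end}
    seen_new, findings = set(), {}
    for ts, user in events:
        if ts < baseline_end:
            continue  # baseline period is used for comparison only
        reasons = []
        if ts.weekday() >= 5 or ts.hour not in WORK_HOURS:
            reasons.append("odd_hours")          # weekend or outside working hours
        if user not in baseline_users and user not in seen_new:
            reasons.append("new_remote_user")    # no remote logins in the baseline
            seen_new.add(user)
        if any(start <= ts.date() <= end for start, end in leave.get(user, [])):
            reasons.append("on_leave")           # login during approved leave
        if reasons:
            findings[(user, ts.isoformat())] = reasons
    return findings

if __name__ == "__main__":
    for (user, ts), reasons in flag_logins(VPN_LOG, LEAVE).items():
        print(f"{ts}  {user:<6} {', '.join(reasons)}")
```

Each flag is a lead for review, since a legitimate change in work circumstances produces the same pattern.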
Protecting your Data from the Malicious Insider
Distinguishing legitimate workplace access and activity from potentially malicious activity is a significant challenge for businesses of all sizes. The tools used to detect outside interference or intrusion attempts won’t help much if the person stealing your data is already authorized to be inside your network. Learning how the malicious insider thinks and operates and recognizing troublesome patterns of behavior can help alert you to a potential issue before it can devastate your business.