BusinessCyber Security

Insider Threats: Staff’s Malicious Actions Bring Risks to Cybersecurity in Businesses

204
(source: Kaspersky)

Many cyber incidents that occur due to human error are often attributed to accidental mistakes made by employees. However, a crucial factor is often overlooked: intentional malicious behavior by staff. 

A recent study by Kaspersky revealed that over the past two years, 77% of companies worldwide have experienced cyber incidents, and one-fifth of these incidents were caused by deliberate malicious behavior by employees.

Two former Tesla employees shared the personal information of 75,735 current and former employees with a German newspaper. The company discovered the breach on May 10 through Handelsblatt. Maine regulators were notified on August 18.

Insider threats: what you need to know

What are insider threats?

There are two main types of insider threats: unintentional and intentional. 

Unintentional or accidental threats are employees’ mistakes, such as falling for phishing and other social engineering methods or, sending sensitive and confidential information to the wrong person, etc.

Malicious insiders who intentionally hack into their employer’s systems perpetrate intentional threats. Their motivation for doing so is usually financial gain from selling sensitive information or as an act of revenge. The primary objectives of malicious insiders are to disrupt or halt an organization’s regular business operations, reveal IT vulnerabilities, and gain access to confidential data.

Insiders with malicious intentions are the most dangerous employees who can provoke cyber incidents. Threats posed by their actions are complicated by several factors:

  • Insiders have specific knowledge of an organization’s infrastructure and processes, including understanding the information security tools used.
  • They are already inside the company’s network and do not need to penetrate the perimeter from outside via phishing, firewall attacks, etc.
  • They have colleagues and friends within the organization, so it’s much easier for them to use social engineering.
  • Insiders with malicious intentions are highly motivated to harm their organization.

What are the reasons for insider malicious actions? 

Financial gain is one of the primary motivators for employees to engage in malicious activities against their employers. In most cases, this involves the theft of sensitive information to sell it to third parties, such as competitors. Cybercriminals also purchase such data on the dark web to use it to attack businesses.

Terminated employees may act maliciously as revenge. They can still access work accounts if their access isn’t revoked. This can lead to harm, even with connections to current employees.

Unhappy employees may also act maliciously, seeking retribution against their employer for perceived wrongs, such as not receiving a raise or promotion.

One type of malicious activity that is worth noting is when insiders are colluding with external parties to breach an organization is a form of malicious activity. Cybercriminals enlist insiders to execute attacks, and third parties may partner with employees to access confidential information.

To combat malicious insider threats, Kaspersky recommends:

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Daddy’s Day Out is a platform that celebrates modern masculinity and offers a space where men can unite, learn, and grow together. It fosters a community where authenticity, support, and self-expression thrive unapologetically.

Related Articles

Kaspersky Cybersecurity Products Dominate 2024 Performance Rankings

Kaspersky continues to set the standard for excellence in cybersecurity. Throughout all...

Bitget Builders Surpasses 5,000 Members, Sets Sights on Philippine Expansion

Bitget, a cryptocurrency exchange and Web3 company, is celebrating the success of...

GS1 Philippines Supports Barcodes for Safer Healthcare, Smoother Workflows

GS1 Philippines is promoting the use of barcode technology in healthcare. This...

Filipinos Must Stay Alert Amid Holiday Cybercrime Surge, Advises Kaspersky

As the holiday season approaches, many Filipinos are shopping online, exchanging gifts,...