Cyber incidents that occur due to human error are often attributed to accidental mistakes made by employees. However, a crucial factor is often overlooked: intentional malicious behavior by staff.
A recent study by Kaspersky revealed that over the past two years, 77% of companies worldwide have experienced cyber incidents, and one-fifth of these incidents were caused by deliberate malicious behavior by employees.
Two former Tesla employees shared the personal information of 75,735 current and former employees with a German newspaper. The company discovered the breach on May 10 through Handelsblatt. Maine regulators were notified on August 18.
Insider threats: what you need to know
What are insider threats?
There are two main types of insider threats: unintentional and intentional.
Unintentional or accidental threats are employees’ mistakes, such as falling for phishing and other social engineering methods or sending sensitive and confidential information to the wrong person.
Intentional threats are perpetrated by malicious insiders who deliberately hack into their employer’s systems. Their motivation is usually financial gain from selling sensitive information, or revenge. The primary objectives of malicious insiders are to disrupt or halt an organization’s regular business operations, reveal IT vulnerabilities, and gain access to confidential data.
Insiders with malicious intentions are the most dangerous employees who can provoke cyber incidents. Threats posed by their actions are complicated by several factors:
- Insiders have specific knowledge of an organization’s infrastructure and processes, including understanding the information security tools used.
- They are already inside the company’s network and do not need to penetrate the perimeter from outside via phishing, firewall attacks, etc.
- They have colleagues and friends within the organization, so it’s much easier for them to use social engineering.
- Insiders with malicious intentions are highly motivated to harm their organization.
What are the reasons for insider malicious actions?
Financial gain is one of the primary motivators for employees to engage in malicious activities against their employers. In most cases, this involves the theft of sensitive information to sell it to third parties, such as competitors. Cybercriminals also purchase such data on the dark web to use it to attack businesses.
Terminated employees may act maliciously as revenge. They can still access work accounts if their access isn’t revoked. This can lead to harm, even with connections to current employees.
Unhappy employees may also act maliciously, seeking retribution against their employer for perceived wrongs, such as not receiving a raise or promotion.
One type of malicious activity worth noting is insiders colluding with external parties to breach an organization. Cybercriminals enlist insiders to execute attacks, and third parties may partner with employees to access confidential information.
To combat malicious insider threats, Kaspersky recommends:
Implementing cybersecurity training to raise awareness among employees and to prevent intentional information security policy violations. To boost security awareness among general employees, educate them with the Kaspersky Automated Security Awareness Platform training program, which teaches safe internet behavior.
Investing in relevant training programs for IT security specialists. Kaspersky Cybersecurity for IT Online training helps build up simple yet effective IT security-related best practices and simple incident response scenarios for generalist IT admins, while Kaspersky Expert Training equips your security team with the latest knowledge and skills in threat management and mitigation.
The Advanced Anomaly Control feature within Kaspersky Endpoint Security for Business Advanced, Kaspersky Total Security for Business and Kaspersky Endpoint Detection and Response Optimum helps prevent potentially dangerous activities, whether performed by the employee or by an attacker who has seized control of the system.
Controlling and limiting the use of personal devices and third-party applications and services. Kaspersky Endpoint Security for Business and Kaspersky Endpoint Security Cloud offer Application, Web and Device controls which limit the use of unsolicited apps, websites and peripherals, significantly reducing infection risks even in cases where employees use devices, applications or services that are not sanctioned by the company to transfer data.
Implementing products that allow an administrator’s rights to be limited only to those options that are really needed for work. Kaspersky Endpoint Security for Business offers role-based access to Kaspersky Security Center management console items, so not all administrators require full control over security functions.
Kaspersky Security for Internet Gateway also possesses content filtering, to prevent unsolicited data transmission regardless of its type, platform protection status, or user behavior at the endpoints inside the network.