BusinessCyber Security

Insider Threats: Staff’s Malicious Actions Bring Risks to Cybersecurity in Businesses

74
(source: Kaspersky)

Many cyber incidents that occur due to human error are often attributed to accidental mistakes made by employees. However, a crucial factor is often overlooked: intentional malicious behavior by staff. 

A recent study by Kaspersky revealed that over the past two years, 77% of companies worldwide have experienced cyber incidents, and one-fifth of these incidents were caused by deliberate malicious behavior by employees.

Two former Tesla employees shared the personal information of 75,735 current and former employees with a German newspaper. The company discovered the breach on May 10 through Handelsblatt. Maine regulators were notified on August 18.

Insider threats: what you need to know

What are insider threats?

There are two main types of insider threats: unintentional and intentional. 

Unintentional or accidental threats are employees’ mistakes, such as falling for phishing and other social engineering methods or, sending sensitive and confidential information to the wrong person, etc.

Malicious insiders who intentionally hack into their employer’s systems perpetrate intentional threats. Their motivation for doing so is usually financial gain from selling sensitive information or as an act of revenge. The primary objectives of malicious insiders are to disrupt or halt an organization’s regular business operations, reveal IT vulnerabilities, and gain access to confidential data.

Insiders with malicious intentions are the most dangerous employees who can provoke cyber incidents. Threats posed by their actions are complicated by several factors:

  • Insiders have specific knowledge of an organization’s infrastructure and processes, including understanding the information security tools used.
  • They are already inside the company’s network and do not need to penetrate the perimeter from outside via phishing, firewall attacks, etc.
  • They have colleagues and friends within the organization, so it’s much easier for them to use social engineering.
  • Insiders with malicious intentions are highly motivated to harm their organization.

What are the reasons for insider malicious actions? 

Financial gain is one of the primary motivators for employees to engage in malicious activities against their employers. In most cases, this involves the theft of sensitive information to sell it to third parties, such as competitors. Cybercriminals also purchase such data on the dark web to use it to attack businesses.

Terminated employees may act maliciously as revenge. They can still access work accounts if their access isn’t revoked. This can lead to harm, even with connections to current employees.

Unhappy employees may also act maliciously, seeking retribution against their employer for perceived wrongs, such as not receiving a raise or promotion.

One type of malicious activity that is worth noting is when insiders are colluding with external parties to breach an organization is a form of malicious activity. Cybercriminals enlist insiders to execute attacks, and third parties may partner with employees to access confidential information.

To combat malicious insider threats, Kaspersky recommends:

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Daddy’s Day Out is a platform that celebrates modern masculinity and offers a space where men can unite, learn, and grow together. It fosters a community where authenticity, support, and self-expression thrive unapologetically.

Related Articles

Infinix Hit USD100 Million Milestone in Shopee’s Brand Partners Club

This year, Infinix achieved a significant milestone by surpassing a total sales...

Acronis Releases Cyber Protect 16: Redefining the Benchmark for Cybersecurity and Data Protection

Leading cyber protection provider Acronis announced the release of Cyber Protect 16....

1-in-2 Cybersecurity Professionals Say Formal Education Useless in Current Job ― Kaspersky

Kaspersky’s recent global research has found that acting information security (InfoSec) experts...

1 in 3 Filipinos Face Threats from USBs, Removable Devices, Reports Kaspersky 

Kaspersky advises Filipinos to scan USBs for local threats after 36.80% were...