Insider threats: the risks employees can pose
Image courtesy G4S
If asked to describe a physical security breach that can impact a company, most people would think of an external criminal intent on harming an organisation. Yet what if the attack comes from within? Perpetrated by someone you should be able to trust?
Insider threats are a serious security risk that every business must prepare for. Failing to do so could be reputationally or financially damaging.
According to G4S’s first-ever World Security Report, internal threats are expected to increase next year, with 92% anticipating their company will be targeted.
What is an insider threat?
An insider threat is carried out by someone who exploits their ‘authorised’ access for ‘unauthorised’ purposes.
The employee, subcontractor or someone permitted to work within your organisation can get their hands on confidential or sensitive information, data or communications.
They may then hold the organisation to ransom in order to return what they have stolen, they may leak the information into the public domain, or they may choose to sell the stolen material to a third party or hostile state.
Types of insiders
Threat actors who commit an insider threat are usually classified as a ‘knowing insider’ or an ‘unknowing insider’.
A knowing insider is someone who deliberately uses their access on purpose to cause harm.
They are often motivated by financial gain. Or, sometimes they are stealing company data to gain a competitive edge for a new venture or may be disgruntled. Usually, they are a lone wolf who acts on their own without any other influences.
For example, a system administrator or database admin may abuse their high level of privilege. They could access valuable items, sensitive information or money. This is often difficult to prevent.
This person is someone the company once trusted with sensitive information and access. But, something happened to make this employee feel disgruntled and aggrieved. They want to “get even”, due to unfair termination, a lack of recognition or some other slight. Or, they may be someone who suddenly finds themselves in difficult circumstances in their personal life. In this case, desperation weakens their personal resilience and leads them to commit malicious acts.
An unknowing insider is someone who may not fully understand what they are doing, or becomes an Insider threat by mistake.
An example could be an employee who forgets to log out of their work account on a public computer; leaving it vulnerable for others to access. Or, someone who accidentally loses a flash drive or classified papers that contain sensitive information. There have been many examples of this - most recently in the United States with both the current and former President being investigated for retaining classified documents at their homes.
It is easier than you think to mistype an email address and send sensitive information to the wrong person.
Unknowing insiders can also be unaware that they are being taken advantage of by others. They might download malware, give information to scammers or click on a link in a phishing email.
Insider threats data
Worryingly, internal threats are increasing. Eighty-nine per cent of CSOs say their company experienced some form of internal threat in the last 12 months according to the World Security Report and this is expected to increase to 92% in the year ahead. It highlights that “Misuse of company resources or data” is the most common internal threat, with 35% having experienced this, followed closely by “leaking of sensitive information” at 34%. This threat is expected to become the biggest internal threat in the next 12 months, plus “Misuse of company resources or data” has the strongest correlation with “implementing more effective security”. This was the internal incident most likely to drive companies to improve their security in the last year.
Also, “Unauthorised access to company resources or data", “industrial espionage” and “intellectual property theft”, are all expected to increase in the next year. Perceived financial gains may entice a company employee to share confidential information in exchange for payment.
Insider threat case studies
Insider threats make headlines; news outlets regularly report on high-profile or unusual incidents - which can damage a brands reputation in the media, with customers and stakeholders.
In October 2023, a man was seen urinating into a vat at a Tsingtao beer factory. Tsingtao’s stock price slumped 7.5% on the Shanghai Stock Exchange over the course of a week.
The British Museum announced in August 2023 that up to 2,000 objects from its storerooms were missing, stolen or damaged. An employee was dismissed and the police are investigating.
A European news site reported in March 2024 that sensitive files of top law enforcement officials at Europol had gone missing, sparking a crisis. Politico reported that: 'a clutch of highly sensitive files containing the personal information of top law enforcement executives went missing last summer. They were supposed to be under lock and key, in a secure storage room deep inside Europol's headquarters in The Hague'. An employee was also dismissed on this occasion.
How to prevent an insider threat
Fostering a culture that combines security awareness alongside up-to-date equipment and technology is the best preventative measure.
Employees should be regularly trained to identify phishing attempts and suspicious behaviour, as well as reminding them of data security protocols. They should also only have the access they need to certain documents and areas of a building.
Additionally, implementing strong access controls restricts digital and physical theft or leakage. Ideally, access controls should be enhanced with surveillance technology. When employees know the cameras are on them, it’s harder to do anything deceitful. Cameras can also help with the issue of people using each other's access cards. The CCTV footage will show who actually entered any specific area and exactly what they did there.
CCTV will never be enough by itself, but should be part of a full security system and monitored by a well-trained team.
To download further information on Insider Threats, click here.
