The Insider Threat

We have all heard about how the insider can wreak havoc on your business. Yet, business owners and other staff don’t understand how much actual damage they can do.

From a Business Security perspective we’ve definitely experienced people in the workplace who:

  • are self-important
  • always in a hurry
  • not focused on the business at hand.

These Insiders can also have a detrimental impact on business security.

Here are 7 types of Insider Threats who make the insider threat real to any organisation.

1. Convenience seekers – bypass protocol, too hard, too busy

We have all seen them in business.   They jump here and there and start a huge number of jobs but never finish them, or finish them haphazardly.

They are more interested in their own work, not in keeping the company safe. Passwords, Updates and scans are usually bypassed. When something goes wrong, it is never their fault. Clicking on an email link without using commonsense is a primary example.

They are the first to complain about the time it takes IT support to remove a virus. By bypassing the organisation’s Cybersecurity, they put the whole organisation in danger.

Solution – get them to slow down, their job is no more important than anyone else’s.

2. The accidental victim – makes mistakes, doesn’t think

These are the people who are too timid at work. They fear making mistakes, but, by fearing reprisals and keeping quiet, they are the victim. The company suffers as well.

The accidental victim is either an older employee, or a new starter. They are very noticeable in not for profit organisations.

Solution – Provide education and training in the use of computers. Explain what’s expected in their role within the organisation.

3. They know everything – oversharing

This person is very good at big-noting themselves. They use their knowledge of the organisation to place themselves in avoidable situations. They overshare critical and confidential information in email. They don’t think about the consequences of sharing on social media and also in meetings.

Solution – separation of information,  restrict access to the information within the organisation.

4. Untouchables – it will not happen to me

We get these type of people in all types of business.  They are the second cousin to number 1.  I am not a target of cybercrime, it will never happen to me because I have nothing worth stealing.

With technology changes over the years, a bored 14 year old can be the attacker. Access to the internet is their tool. Every internet user or business is a target. Anyone can be attacked and everyone needs to take the necessary precautions.

.Solution – providing education and training.

 5. Entitled ones – access to everything because they ‘want to know’

The Entitled employee is one of the most dangerous non-malicious insider. Their laptops or tablets have the organisations secrets and use free wifi in cafes. They have no business reason to keep all that critical information, but they have to have it.

This means that there is a greater risk of the company information either stolen or attacked.

Solution – need to know.  Stop allowing access to data by staff who don’t need it. Segregate it into public, commercial in confidence and critical.   If someone does not need the information then deny access to it.

6. Traitors – malicious insiders

Previous to this one, the insiders have been the result of stupid behaviors. The Malicious Insider is a malicious person. Their focus is on them. For whatever reason, they might intend to leave, have a grudge against the company or an employee. They won’t hesitate to go to your competition with all your corporate data.

Solution – at the first whiff of someone leaving walk them out the door. Don’t keep a bad apple in the basket. 

7. The secret insiders – the bad guys, in the first stages of an attack

These are the true bad guys, the ones you should be protecting your organisation against.  They may have infiltrated your organisation via one of the other insiders, and are now able to do damage. They could have become an insider through social media, email or web based attack. The secret insider isn’t an employee. They are not answering to your policies and procedures. They will damage your organisation, because you don’t have protections.

Solution – increase awareness, do a penetration test and review the report, then do it all again. Regularly.

These Insider Threats are the ones we have come across.   Some can be a combination of one, two or three traits.  The best way to protect yourself from the insider is to pay attention to your staff and your management.

The best way to find out what your organisation needs to do to be safe is to:

1. Use the CareMIT Digital Diagnostic Tool

2. Come to one of our regular quarterly “Security Board Meetings