The Everyday Insider Threat

June 14, 2017 Matt Middleton-Leal

If you’ve ever worked in an office, you know that you can’t access any data you want. Some files are locked away from the everyday employee: out of sight and out of mind. Whether it’s your boss’ bonus, private emails between colleagues, company financials, performance reviews or information about yet-to-be-launched products and services, access to information is limited.

A lot of people are quite comfortable with this. However, a new survey we carried out found that over half (52%) of UK office workers would access sensitive company data if they knew they wouldn’t get caught. In fact, far from being a moral issue, one in five (21%) cited a lack of technical skills as holding them back from attacking their employer.

So, what could tempt employees into accessing company information?

The survey revealed a mix of motives, from wanting to make sure they were being rewarded fairly, to having suspicions the company was unethical or corrupt, to straightforward curiosity and office gossip. What was clear, though, is that very unhappy employees are twice as likely to want to spy on company information as their happier peers.

While disgruntled or angry employees only account for 26% of insider attacks, according to Forrester[i], they are the source of some of the most costly and difficult attacks to detect. The 2016 Sage Group data breach is just one example of an employee using an internal login to steal company data, temporarily rocking the reputation of the company and, indeed, its share price.

How should employers stop malicious insiders in their tracks?

First, we should recognise that most respondents weren’t out to deliberately cause the company harm. The majority simply wanted to get their hands on information about themselves and engage in idle gossip; just 2% said they would be prepared to sell information to competitors for financial gain or to blackmail their boss.

The basic rule in defending against malicious insiders is to address the threat, not the individual. Privileged access – not people – is the true insider threat. The process of securing privileged accounts should be ongoing, with continuous evaluation and adjustments to improve security as the business and threat landscape change.

To effectively protect against insider threats, organisations should minimise user privileges to reduce the attack surface, lock down privileged credentials, and control and monitor privileged accounts, which are consistently targeted by insider attackers.

The threat from outside…

While this survey highlights the potential mischief that employees can get up to without proper access controls, it’s also an important reminder of the threat that cyber attackers posing as insiders could pose.

If more than half of everyday workers would be prepared to access sensitive data, it’s not hard to imagine the damage a cybercriminal with advanced skills and malicious intentions could cause. They have no loyalty to the company and are more likely to be driven by financial or political motives than by innocent curiosity.

Security teams have long known that one of the most effective ways for attackers to access sensitive data is to masquerade as a legitimate insider – using existing privileged credentials to achieve broad, unfettered access to a company’s most valuable assets. With cyber skills advancing all the time, and cybercriminals hiding behind valid credentials to avoid being caught, companies must be more alert than ever to stop unwanted insiders in their tracks and protect their most valuable information.

[i] “Understand The State Of Data Security And Privacy: 2015 To 2016”, Forrester Research, Inc., January 8, 2016
