Cyber incidents caused by the ‘human factor’ are usually attributed to occasional employee errors, but one more important element is often overlooked: deliberate malicious behaviour by staff. A new Kaspersky study found that in the past two years, 87 per cent of companies in UAE have faced cyber incidents in different forms, 25 per cent of which were caused by deliberate malicious behaviour by employees.
There are two main types of insider threats: unintentional and intentional. Unintentional, or accidental threats are employee mistakes such as falling for phishing and other social engineering methods, or sending sensitive and confidential information to the wrong person, etc.
In contrast, intentional threats are perpetrated by malicious insiders who deliberately hack into their employer’s systems. They usually do so for financial gain from the sale of sensitive data or as an act of revenge. Malicious insiders aim to disrupt or stop an organisation’s regular business operations, expose IT weaknesses and obtain confidential information.
Insiders with malicious intentions are the most dangerous of all employees who can provoke cyber incidents. Threats posed by their actions are complicated by several factors:
• Insiders have specific knowledge of an organisation’s infrastructure and processes, including understanding of the information security tools used.
• They are already inside the company’s network, and do not need to penetrate the perimeter from outside via phishing, firewall attacks, etc.
• They have colleagues and friends within the organisation, so it’s much easier for them to use social engineering.
• Insiders with malicious intentions are highly motivated to harm their organisation.
One of the main reasons for employees to commit malicious actions against an employer is financial gain. Often it means stealing sensitive information with the intention of selling it to a third party: competitors, or even auctioning it on the dark web where cybercriminals buy data to attack businesses.
When an employee has been fired, malicious behaviour might take place out of revenge. This can be conducted through their connections with other employees. But the worst-case scenario occurs if they still can log into their work account remotely because the organisation hasn’t removed their ability to access corporate systems.
Employees can also act maliciously when they are unhappy with their job or ‘to get even’ with an employer who didn’t give them an expected raise or a promotion.
Another distinctive type of malicious action occurs when one or more insiders collaborate with an external actor to compromise an organisation. These incidents frequently involve cybercriminals recruiting one or more insiders to carry out different kinds of attacks. There may also be cases in which third parties, such as competitors or other interested parties, collaborate with staff to obtain the company’s sensitive data.
“Malicious actors can be discovered anywhere – in huge enterprises or small businesses, you never know. That’s why businesses should build an up to date, resilient, transparent IT-security system, uniting effective security solutions, smart security protocols and training programs for both IT and non-IT staff to safeguard against this threat. Additionally, it’s crucial to implement products and solutions that will protect the organisation’s infrastructure. For example, our Kaspersky Endpoint Detection and Response Optimum contains Advanced Anomaly Control which helps detect and prevent suspicious and potentially dangerous activities, both by an insider working in a company or an actor outside the organisation,” said Alexey Vovk, head of information security at Kaspersky.
To combat malicious insider threats, Kaspersky recommends:
• Implementing cybersecurity training to raise awareness among employees and to prevent intentional information security policy violations.
• Investing in relevant training for IT security specialists.
• Controlling and limiting the use of personal devices and third-party applications and services.
• Implementing products that allow an administrator’s rights to be limited only to those options that are really needed for work.