By and large, increasing technological capabilities have been described as a source of Insider Threat. Remote working, internal network access and BYOD are some examples of the disruptive technologies detrimental to an organisation’s information security. However, Insider Threat is more about people, policies and planning than technology, according to an RSA Conference.
Most physical and technological attacks can be assisted or conducted by an insider, but certain attacks can only be conducted by insiders – release of proprietary information, or the sabotage of assets accessible by employees. It is this human element, the organisation’s greatest asset and risk, that can cause the most damage. A malicious insider with authorised credentials can orchestrate an unauthorised act and steal copious amounts of information.
More often than not, Insider Threats occur at three stages: pre-employment, during current employment and post-employment. For the most part, employees do not join an organisation with the intention of harm; moreover, there exist stringent screening procedures that deter the entry of malicious employees. Nevertheless, people change with circumstances – recession, job dissatisfaction, revenge (disgruntled employees) and greed (feeding information to a competitor).
According to the CERT Common Sense Guide to Prevention and Detection of Insider Threats, 65% of all IT sabotage attacks are non-technical and 84% of all attacks for financial gain were also non-technical.
The non-technical nature of attacks demonstrates the pivotal role that the human element plays in unethical data transfer. Insider Threats can be caused consciously or unconsciously. There are several different types of Insider Threat actors, each representing a crucial challenge to organisations:
- Compromised: insiders with authorised credentials or devices that have been compromised by an external threat actor. Given the attack is coming from outside, it is more challenging to address such an attack; it has a much lower chance of being identified.
- Unwitting: insiders who expose data accidentally. For instance, plugging in a USB device to determine its owner may result in the installation of malicious software, leading to a data breach. A large number of data loss incidents occur due to employee negligence towards security measures, policies and practices.
- Witting: insiders who make a conscious decision to provide privileged information to an unauthorised party for either personal gain or malicious intent. For instance, a disgruntled employee who downloads sensitive files to his/her personal device.
- Tech-savvy: insiders who apply their knowledge of weaknesses and vulnerabilities to breach clearance and access sensitive information. They are more than likely to sell confidential information. IT fraud can be committed by anyone within an organisation, and not always with malicious intent.
Additionally, insider threat is not limited to employees; it extends to contractors (third parties), business partners and clients. Within many legal frameworks, organisations may be at risk of loss due to a data breach by any business entity associated with the organisation. The information flow among business entities is immense and vulnerable; scores of direct and indirect threats can potentially destroy an organisation’s standing. Bad actors may use blackmail or coercion, or offer money, to persuade employees and other insiders to share top organisational secrets. Although the anatomy of these threat actors is different, they can be equally damaging.
What can organisations do to prevent such acts?