Think of the business and office you work in as a home. Like a house, the office holds things, tangible and intangible, that are near and dear to you. It is a haven where everybody feels safe and trusts that nothing will betray the space, so that you can work openly, freely and creatively.
In this analogy, a malicious insider takes the role of a potential intruder. The intruder's identity and motives may be unclear. Generally, there are three types of intruders: the one with the goal of personal gain, the mole, and the ‘innocent’ individual who clicked on the link anyway, despite being told not to.
The first type, the intruder out to gain something, abuses their power and position. This intruder can do many things, from leaking sensitive documents to sharing intellectual property with the competition, generally for financial gain. A classic example is an individual who has set their sights on another company, typically a competitor, and sells that competitor confidential information, be it client lists or other sensitive information. This act could be rewarded financially or with a seat at the competitor's table. This intruder could easily undermine a business that does not have a layered security strategy in place.
A mole, on the other hand, is an individual planted, most often by the competition, whose sole purpose is to ingest and relay any information that the competition or a person or group with malicious intent has requested. The mole's rewards could range from promotion and financial gain to satisfaction in knowingly harming the business in question. Essentially, this type acts as a monitoring device and, depending on the position held, could gain a significant amount of confidential information.
The third type, and a common one, is the employee who ‘accidentally’ clicks on a link carrying malware or an exploit, leading to the infection of their system and potentially the network in the process. Ransomware is an easy example, and victims increasingly fall prey to malicious actors this way. If left unmonitored, the pinhole opened by the intruder will quickly turn into a significant hole, exposing the entire ecosystem to further threats. This common mistake can cost the company its top-secret information without anyone realizing it. It also raises the question of who is at fault.
Some of the instances above involve a motive to harm, while others may not involve any outright intention. Intruders, more commonly known as malicious insiders, could easily corrupt your system, wipe out your data, or hack into your data to benefit someone else. Left unchecked and unmonitored, this could easily bankrupt your business.
How do you thwart the threat? Malicious insider threats can be harder to detect than outside threats. They often slip past your traditional security firewalls and external threat chambers, because they are known to and usually authorized by the business. A malicious insider may have inherent knowledge of the environment and circumvent the protection mechanisms to get what they need while avoiding detection.
Read on to understand some of the key signs.
- Employees suddenly working overtime or taking on big projects could be an indicator of malicious activity.
- An employee requesting access to resources without a valid reason.
- Anonymous activity at a network level could indicate a threat.
- Suspicious access, data transfer during non-business hours, or resource access by individuals not meant to be there could indicate that something is not quite right.
- VPN access from an unknown location.
These signs can quickly be addressed with tools and systems already in place within the business through simple due diligence and configuration. Always adopt a layered security approach and consider the following:
- Always adopt a model of least privilege.
- Enforce password complexity over constant password change.
- Check your logs. These are the digital footprints of a network and system.
- Add preventative measures as layers of security within your environment.
- Monitor the environment proactively, through external support or internally.
- User awareness and training.
- Compartmentalize information assets and routinely check access rights.
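
As an added example (not part of the original article), the log check below flags the warning signs listed above: access outside business hours, large off-hours transfers, access from an unknown location, and access to resources outside a user's rights. The log format, user names, entitlement table and thresholds are all assumptions made for illustration.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed sample access log (not real data).
# Columns: timestamp, user, source country, resource, MB transferred
SAMPLE_LOG = """\
2021-03-01T10:15:00,alice,GB,crm/clients,2
2021-03-01T23:40:00,bob,GB,finance/payroll,850
2021-03-02T09:05:00,carol,GB,finance/payroll,1
2021-03-02T02:10:00,alice,RO,crm/clients,3
2021-03-02T14:30:00,bob,GB,hr/contracts,5
"""

# Assumed baselines the business maintains (least privilege, known locations).
ENTITLEMENTS = {"alice": {"crm"}, "bob": {"crm", "hr"}, "carol": {"finance"}}
KNOWN_LOCATIONS = {"alice": {"GB"}, "bob": {"GB"}, "carol": {"GB"}}
BUSINESS_HOURS = range(8, 19)   # 08:00 to 18:59, Monday to Friday
LARGE_TRANSFER_MB = 500         # assumed threshold for a "large" transfer

def review(log_text):
    """Return {line_number: [reasons]} for entries matching a warning sign."""
    findings = {}
    for n, row in enumerate(csv.reader(StringIO(log_text)), start=1):
        try:
            ts, user, country, resource, mb = row
            when, mb = datetime.fromisoformat(ts), float(mb)
        except ValueError:
            # Unparseable entries are surfaced, never silently skipped.
            findings[n] = ["malformed entry"]
            continue
        reasons = []
        off_hours = when.hour not in BUSINESS_HOURS or when.weekday() >= 5
        if off_hours:
            reasons.append("access outside business hours")
        if off_hours and mb >= LARGE_TRANSFER_MB:
            reasons.append("large off-hours transfer")
        if country not in KNOWN_LOCATIONS.get(user, set()):
            reasons.append("unknown location")
        if resource.split("/")[0] not in ENTITLEMENTS.get(user, set()):
            reasons.append("resource outside entitlement")
        if reasons:
            findings[n] = reasons
    return findings

if __name__ == "__main__":
    for n, reasons in review(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(reasons)}")
```

A flagged entry is a prompt for review, not proof of malice: the same rules fire for an employee legitimately working late or travelling.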
Security has always been considered a significant concern. Now more than ever with COVID-19, it is essential that you take an active role in security to mitigate the risks associated with malicious insiders.
At Verve X, our heritage is security. We are here to support you in understanding your requirements and translating them into measurable outcomes and objectives aligned with your business needs. COMPANY A provides several vital services, from IT managed services and vulnerability and penetration testing to managed services supporting our customers along their journey.
If you are interested in a ‘no-nonsense’ session with our experts, please do not hesitate to contact us. We would like to understand your requirements and pain points in detail to define a plan that ultimately aligns with your business objectives with a cost-effective service that aligns with your budget. It is never too late to start the journey into a more secure and cost-effective space. We offer a free consultation to kick-start your journey.
Please don’t wait until it’s too late.

