How To Protect Enterprise From Malicious Insider Threats

When we think about cybersecurity, we probably imagine an outlander pursuing internet-based attacks to hurt our business and fulfill their malicious intentions. However, threats and crimes originating from within the organization, with a sense of damaging the company, are just as common and disastrous and are called malicious insider threats. According to Ponemon Cost of Insider Threats Global Report, 2022, “Malicious insiders caused 26% or 1,749 incidents at an average cost per incident of $648,062”. 

What are Malicious Insider Threats? 

A malicious insider is a person carrying legitimate authorized access to your company system, data, and applications and intentionally misuses them to negatively impact the confidentiality, integrity, and availability of your organization’s information and systems. These individuals could be your current employee, past employee, contractor, vendor, or business partner. Malicious insiders can cause harm such as: 

• Theft of sensitive data 

• Disruption of business-critical processes 

• Sabotage IT infrastructure 

• Sell/share confidential information to third-parties 

A disgruntled employee, the former employee still owning the access to the company credentials, an employee who has been fired, or whose employment has otherwise been terminated, could commit these crimes. Besides, knowing the value of your information and vulnerabilities, these insiders can cause catastrophic disasters to the company. 

Examples of Malicious Insider Threats  

Example #1 

In 2018, a Tesla employee conducted “extensive and damaging sabotage” on Tesla, as stated by Elon Musk. This employee was unhappy as he expected a promotion but did not get it. Consequently, this employee changed the code to an internal product and shared data with outsiders.  

Example #2 

In 2016, a Waymo (Google founded company that develops autonomous cars) employee, Anthony Levandowski, departed and helped himself with a wealth of company data on the way out. He stole information like source code snippets, diagrams and drawings of simulation, marketing information, and more. After leaving, he built his new self-driving truck company, Otto, which Uber later purchased (primarily for trade secrets). It’s investigated that this employee was not happy at this workplace, and had downloaded 14,000 files from an internal password-protected Google server, causing the crime. 

How to Prevent Malicious Insider Threats  

When it comes to MIT, it’s not a question of if but when. Thus, taking a proactive approach is an effective way to protect your enterprise and here are a few measures that help. 

1. Train your employees on how to prevent attacks like phishing and how they can report to IT or HR should they detect anything suspicious about their peers. Moreover, fostering a culture of open communication and transparency encourages ethical behavior.  

2. Employing solutions like UBA (user behavior analytics) tracks, collects, and analyses user behavior and brings any suspicious or abnormal activities to light in a timely fashion. 

3. Restricting privileged access is effective as it lets employees access data that are critical to their job and protect sensitive data. 

Final Words 

Malicious insider threats are a growing concern for businesses of all sizes. Thus, protecting your data and taking a proactive approach go a long way in safeguarding your company against future attacks. 

The author is Vice President – International Sales at Array Networks