The recent wave of ransomware attacks across Asia and the world has once again turned the spotlight on security in the cyber world. Despite an organisation’s best efforts, ‘insider threats’ can compromise the security of a firm and its data. In the current scenario, it is beneficial for firms to have an understanding of the nature of these ‘insider threats’.

Data leaks, data theft, hacking, data corruption; all are examples of insider threats triggered by technology. By and large, increasing technological capabilities have been described as a source of insider threat. Remote working, internal network access and BYOD are some examples of the disruptive technologies detrimental to an organisation’s information security. However, insider threat is more about people, policies and planning than technology, according to an RSA Conference.

Most physical and technological attacks can be assisted or conducted by an insider, but certain attacks can only be conducted by insiders - release of proprietary information, or the sabotage of assets accessible by employees. It is this human element, the organisation’s greatest asset and risk, that can cause the most damage. A malicious insider with authorised credentials can orchestrate an unauthorised act and steal copious amounts of information. More often than not, insider threats occur at three stages: pre-employment, during current employment and post-employment. For the most part, employees do not join an organisation with the intention of harm; moreover, there exist stringent screening procedures that deter the entry of malicious employees. Nevertheless, people change with circumstances - recession, job dissatisfaction, revenge (disgruntled employees) and greed (feeding information to a competitor).

According to CERT: Common Sense Guide to Prevention and Detection of Insider Threats, 65% of all IT sabotage attacks are non-technical and 84% of all attacks for financial gain were also non-technical. The non-technical nature of attacks demonstrates the pivotal role that a human element plays in unethical data transfer.

Insider threats can be caused consciously or unconsciously. There exist several different types of insider threat actors representing crucial challenges to organisations:-

• Compromised: Insiders with authorised credentials or devices that have been compromised by an external threat actor. Given the attack is coming from outside, it is more challenging to address such an attack; it has a much lower risk of being identified.
  
  
• Unwitting: Insiders who expose data accidentally. For instance, plugging in a USB device to determine its owner may result in the installation of malicious software, leading to a data breach. A large number of data loss incidents occur due to employee negligence towards security measures, policies and practices.
  
  
• Witting: Insiders who make a conscious decision to provide privileged information to an unauthorised party for either personal gain or malicious intent. For instance, a disgruntled employee who downloads sensitive files in his/her personal device.
  
  
• Tech-savvy: Insiders who apply their knowledge of weaknesses and vulnerabilities to breach clearance and access sensitive information. They are more than likely to sell confidential information.

IT fraud can be committed by anyone within an organisation, and not always with malicious intent. Additionally, an insider threat is not only limited to employees but also to contractors (third-parties), business partners and clients. Within many legal frameworks, organisations may be at risk of loss due to data breach by any business entity associated with the organisation. The information flow among business entities is immense and vulnerable; scores of direct and indirect threats can potentially destroy an organisation's standing. Bad actors may use blackmail, coercion or offer money to persuade employees and other insiders to share top organisational secrets. Although the anatomy of these threat actors is different, they can be equally damaging.

To explore business opportunities, link with me by clicking on the 'Invite' button on my eBiz Card.

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views, official policy or position of GlobalLinker.