Insider threats are security threats to business information systems that come from people within their own organisation. The source of an insider threat comes from existing employees, former employees that retain systems access, and even contractors or business associates that are granted access to a company’s IT systems. Insider threat activity can include fraud, theft of confidential or commercially valuable information, theft of intellectual property, and even sabotage of computer systems.
The difficulty with protecting against insider threats is that they emanate from individuals who have legitimate access to the company’s computer systems. As a result, oftentimes no actual breach takes place in terms of a system being “hacked”, rather the trust that is granted to individuals alongside the access rights they are afforded is being broken.
In some instances, security systems are breached by insiders, and they are able to do so because they are familiar with how the organisation handles their data and intellectual property. More importantly, they are familiar with the systems in place to protect them. This familiarity means that an insider has more readily available opportunities to understand how to breach security protocols just by virtue of the fact that they have a closeness to their own working environment. As an example, an insider intent on committing a security crime may use closeness and even friendship with colleagues to gain password details of other users.
Because “insiders” are actually located inside the premises of their intended victim (typically their own employer) they need not hack past network security systems such as firewalls to get in. Being physically located inside the building means many systems are immediately open and accessible.
Types of insider attacks include:
Password theft and identity fraud
Malicious sabotage of systems or data
Stealing sensitive data for industrial espionage
Stealing data for political beliefs
Shutting systems down to cause disruption
Inserting malicious code such as ransomware
Since the insider often uses legitimate access rights, it makes defending against their attacks much harder for the companies and their security professionals.
People who commit an insider attack could be motivated for multiple reasons. These include, disgruntled workers (e.g. employees who are overlooked for promotion), recently fired workers, people that get on the inside with the pre-intention of committing cyber-crime, opportunists who see a way to make money from insider cyber-crime, people that are bribed by outside interests to commit cyber-crime.
Companies can and should implement best practice to protect against insider threats. This would include making sure passwords are regularly changed, keeping them updated as well as making sure those who have access to company information are trustworthy and vetted.
Understanding proper protocols and security measures such as Identity and Access Management (IAM) and Privileged Access Management (PAM) will make sure businesses are well protected against insider threats. Companies like BeyondTrust and SailPoint specialise in these measures. For further information on how to properly protect company information from insider threats, please see the link attached.