data
Insider Threats: Malicious employees impact corporate cybersecurity
Cyber incidents caused by the "human factor" are often attributed to occasional employee error, but a more important element is often overlooked: deliberate malicious behavior by staff . Corroborating this fact, a new study found that, in the last two years, 67% of companies in Chile have faced cyber incidents, 17% of which were caused by deliberate malicious behavior on the part of employees.
When examining the "human factor," there are a number of elements that can negatively affect a company's performance, from common employee errors to poor budget allocation by decision-makers. But one of the most important factors that is often overlooked is the malicious actions of personnel.
In a recent Kaspersky study showing that, in the last two years, 17% of companies in the country suffered cyber incidents due to malicious behavior for personal gain exhibited by employees.
A recent case at Tesla illustrates the dangers of insider threats to business. Two former Tesla employees leaked the names, home addresses, phone numbers and email addresses of 75,735 current and former employees to a German newspaper. Maine regulators were informed of the incident in a data breach notification on Aug. 18, 2023, after the company learned of the leak on May 10 of the same year from the German media outlet Handelsblatt and conducted an internal investigation.
Insider threats: what you need to know
There are two main types of insider threats: unintentional and intentional. Unintentional, or accidental, threats are employee mistakes, such as falling for phishing and other social engineering methods, or sending sensitive and confidential information to the wrong person, etc.
In contrast, intentional threats are perpetrated by malicious individuals who deliberately hack into their own employers' systems. They usually do so for financial gain by selling confidential data or as an act of revenge.
They aim to disrupt or halt an organization' s regular business operations, expose IT weaknesses and obtain confidential information.
Insiders with malicious intent are the most dangerous of all employees who can cause cyber incidents. The threats posed by their actions are compounded by several factors:
-
They have specific knowledge of an organization's infrastructure and processes, including an understanding of the information security tools used.
-
They have colleagues and friends within the organization, so it is much easier for them to use social engineering.
-
They are already inside the company's network, and do not need to penetrate the perimeter from the outside through phishing, firewall attacks, etc.
-
Employees with insider information and malicious intent are highly motivated to harm your organization.
One of the main reasons employees commit malicious actions against an employer is financial gain. It often means stealing sensitive information with the intention of selling it to a third party: competitors, or even auctioning it on the dark web, where cybercriminals buy data to attack companies.
Employees may also act maliciously when they are unhappy with their work or "to get even" with an employer who, for example, did not give them an expected raise or promotion.
Another interesting type of malicious action occurs when one or more employees collaborate with an external actor to compromise an organization. These incidents often involve cybercriminals recruiting employees to carry out different types of attacks. There may also be cases where third parties, such as competitors or other interested parties, collaborate with staff to obtain sensitive company data.
... employees can also act maliciously when they are unhappy with their work or "to get even"...
"Malicious actors can be discovered anywhere: in large or small companies, you never know. That's why companies must build an up-to-date, resilient and transparent IT security system that brings together effective security solutions, smart security protocols and training programs for both IT and non-IT staff to protect against this threat [...]," says Alexey Vovk, chief information security officer at Kaspersky.
At ANIDA LATAM we are committed to offer, create and devise cybersecurity strategies for our clients and prospects that allow them to have technology, tools, implementation services and managed services through our Security Operations Center (SOC). Learn more here
Source: Online World
