Malicious insider risk is a concept that fills every manager’s stomach with dread. After all, no one wants to think that the coworkers they spend time with every day and rely on to drive company success aren’t actually on their side at all. Unfortunately, malicious insiders are a cybersecurity risk that every business must face. Almost 25% of insider incidents that businesses face every year are caused by malicious insiders. While security professionals don’t underestimate the power of a malicious insider and the damage that person can do, there may be a few circumstances that foster malicious insider activity that are still flying under the radar.
The top motivation for malicious insiders never really changes: Money. The 2021 Verizon Data Breach Investigations Report notes that 70% of malicious insider data breaches are financially motivated, unsurprising in a challenging economy. Another 25% of malicious insider incidents are motivated by more standard espionage. In those incidents, bad actors stole formulas, blueprints, research data, client lists and other proprietary data from their employer that could benefit a rival company. However, some employees are just really, really mad - around 4% of malicious insider incidents are caused by angry employees who want to damage the company.
Threat One - Key Data Theft Scenarios: One of the most basic actions that a bad apple can take to make money from their insider status is data theft. Dark web data markets are booming, and data is at a premium. Malicious insiders are the catalyst for an estimated 25% of all data breaches. This is a possibility that most IT professionals keep in mind. However, in the case of data theft, there are a few other malicious insider possibilities that might not be as obvious but are just as damaging. It’s possible that the malicious inside actor involved in a data breach incident doesn’t even work at the impacted company anymore. An estimated 45% of employees download, save or send work-related files before they leave their job, and not everyone is harmlessly grabbing a few things to spruce up their portfolio. Employees that are being laid off or terminated are especially dangerous and should be considered strong malicious insider threat risks. Over 90% of malicious insider incidents are preceded by employee termination or layoff.
Threat Two: Cryptomining and Bot Deployment: Another possibility doesn’t involve employees taking anything out of a business. Instead, they’re bringing something nasty in. Cryptocurrency is one of today’s hottest commodities, and that makes Cryptomining and bot deployment very lucrative. Employees with a modicum of tech savvy can manipulate their company’s IT environment in several dangerous ways to facilitate cryptomining, sabotaging their company’s overall security. It’s an unexpected risk that was highlighted in the 2021 Cisco Cyber Security Threat Trends report because of the traffic it generates and the people involved. Researchers concluded that almost 70% of organizations have experienced some level of unsolicited cryptomining in the last 12 months, cautioning that cryptomining can be a gateway to other serious and damaging incidents. The report also notes that the discovery of cryptomining in a company’s IT environment is a red flag that could indicate the presence of a bad actor.
Malicious insider risk isn’t slowing down. In fact, malicious insider threats have surged, increasing by 47% in two years and more than 40% in 2021 alone. It is mission critical for companies to act now to reduce their exposure to insider risks, especially new risks that they may not be expecting. By taking sensible precautions like implementing multifactor authentication for every user, moving to a zero-trust security model and most importantly, fostering a strong security culture through training and support, organizations can reduce the chance that a malicious insider in their environment causes an IT disaster.
ID Agent provides the leading Dark Web monitoring and security awareness training solutions to MSPs worldwide. The cybersecurity awareness training and phishing simulation platform is geared to the non-technical end user, to enhance a company’s overall cybersecurity and further safeguard corporate systems. To learn about enhancing your security stack and realizing ROI fast, schedule a demo.
This guest blog is courtesy of ID Agent, a Kaseya company. Read more Kaseya guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.