Malicious Insiders
Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. The term does not include well-meaning staff who accidentally put your cybersecurity at risk or spill data.
There are many reasons an insider can be or become malicious, including revenge, coercion, ideology, ego or seeking financial gain through intellectual property theft or espionage. They could:
- impact external sites, creating public damage to your brand
- prevent your systems from functioning properly
- steal or sell business trade secrets or intellectual property (IP)
- install malware for their own purposes.
Malicious actors can use employees whose trust they have gained to access your business systems and accounts. Employees could provide information to a malicious insider unknowingly, or mention sensitive details in trust.
How you protect against malicious insiders will depend on your organisation, systems, culture and business processes, and on how well this is communicated and understood by staff.
A malicious insider's system access and knowledge of your business processes (particularly their checks and balances) can make them hard to detect. But there are practices you can put in place to reduce the risk of a malicious insider in your organisation.
Technical Controls
- Control removable storage - secure your network
- Control outbound email and files - block stolen data being sent to external email addresses or via Dropbox
- Backups - to guard against deliberate destruction of systems, keep regular backups and secure them. Ensure you have WORM (Write-Once-Read-Many) backups.
- Strong passwords and multi-factor authentication.
- Access Controls
  - Restrict access to only what staff need.
  - Use unique logons - do not share accounts.
  - Deactivate access immediately when staff leave, and change shared passwords such as Wi-Fi, bank accounts, remote access and administrative or privileged accounts.
- Auditing and logging - have these in place and review them regularly.
- Focus on your culture - more integrity and transparency leads to more honesty.
- Business processes like background checks are necessary
- IT Staff privileged access is a common attack vector
- Staff Education - make cybersecurity governance a priority in your organisation.
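
The access-control items above (unique logons, deactivating access when staff leave, changing shared passwords) can be checked as a routine audit. The following Python is an added example, not part of the original page; the account inventory, leavers list, field names and dates are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumption, for illustration only):
# HR leavers list, account inventory, shared credentials with last rotation date.
LEAVERS = {"jsmith": date(2024, 3, 1), "mlee": date(2024, 5, 10)}
ACCOUNTS = [
    {"name": "jsmith", "enabled": True, "privileged": False, "users": ["jsmith"]},
    {"name": "mlee", "enabled": False, "privileged": True, "users": ["mlee"]},
    {"name": "frontdesk", "enabled": True, "privileged": False,
     "users": ["akhan", "bwong"]},
    {"name": "akhan", "enabled": True, "privileged": True, "users": ["akhan"]},
]
SHARED_SECRETS = [
    {"name": "office-wifi", "rotated": date(2024, 1, 15),
     "known_to": ["jsmith", "akhan"]},
    {"name": "bank-portal", "rotated": date(2024, 5, 11),
     "known_to": ["mlee", "akhan"]},
]


def audit(accounts, secrets, leavers):
    """Return sorted (severity, item, finding) tuples for the access-control checks."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        # Deactivate access immediately when staff leave.
        if any(user in leavers for user in acct["users"]):
            severity = "high" if acct["privileged"] else "medium"
            findings.append((severity, acct["name"],
                             "still enabled for departed user"))
        # Use unique logons: a shared account cannot be attributed in the logs.
        if len(acct["users"]) > 1:
            findings.append(("medium", acct["name"], "shared logon"))
    for secret in secrets:
        # A shared password must be changed after anyone who knew it has left.
        departures = [leavers[u] for u in secret["known_to"] if u in leavers]
        if departures and secret["rotated"] < max(departures):
            findings.append(("high", secret["name"],
                             "not rotated since a holder left"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, item, finding in audit(ACCOUNTS, SHARED_SECRETS, LEAVERS):
        print(f"{severity:6} {item:12} {finding}")
```
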