by cybersecurity expert and J2 Software CEO John Mc Loughlin
Companies have become increasingly aware of the risk malicious insiders pose and with a potential economic downturn that will drive significant layoffs, it has never been more important for business leaders to understand the impact malicious insiders can have on a company’s security posture.
Employees that leave the company, voluntarily or not, present a real and ongoing risk for companies in today’s hybrid world. Often the individuals planning to leave a company aren’t pleased with their existing work environment and disgruntled employees usually carry a chip on their shoulder due to the company’s inability to alleviate any of their concerns.
These feelings escalate even more when it comes to unexpected layoffs and can be a powerful driver of insider threats, leading to the exfiltration of sensitive information.
The continued rise of the Super Malicious Insider presents a very real and scary risk for businesses in 2023. Because these individuals’ technical proficiency and acute awareness of the company’s existing cyber security architecture, solutions and processes surpass the capabilities of your average malicious insider, they are better able to evade detection.
Here are some of the scariest real-world examples of the super malicious threats the DTEX team has uncovered:
Ghost Employee Accounts
An individual maintained access to corporate systems and data after leaving their company by proactively creating another account prior to leaving. This was done because the individual suspected that the business would keep a closer eye on the activity of employees leaving the business for suspicious data loss or risky behaviours.
This persistent access was then used to steal customer data and sabotage the company’s operational pipeline by modifying purchase orders months after the individual was let go.
The Disgruntled Employee
As a result of perceived unfair treatment, an employee decided to steal their supervisor’s personal details (email, phone number, etc.) and leveraged the information to sign into various spam sites.
This resulted in the employer and their loved ones experiencing ongoing harassment, significantly disrupting their day-to-day lives. Ultimately, the incident forced the family to change all of their personal information.
The Social Engineering Scare
Another incident identified by the DTEX i³ team involved a disgruntled employee who socially engineered another employee to steal hundreds of thousands of customer records. In this example, the existing Identity and Access Management security solution had been correctly configured to allow only authenticated access, but an authorised download followed by a shared link using a company-approved file-sharing utility was all that was needed to gain unauthorised access.
Once the malicious employee gained access to the records, they archived the information and saved it to the draft’s folder of a personal webmail account for easy access and exfiltration. After the malicious insider secured a position at a new company, they sold the information on the dark web.
Super malicious insider threats can be detrimental to enterprises as these incidents can directly impact employees’ livelihoods by diminishing the company’s brand and/or causing irreparable damage to an individual’s reputation. These examples should serve as a wake-up call to security leaders that traditional DLP, UBA, and UAM tools aren’t sufficiently mitigating malicious insider threats.