After software development company Initech cut jobs as a result of an assessment from efficiency experts, three employees, Peter Gibbons, Samir Nagheenanajar, and Michael Bolton, developed a plan to get even with their company. They infected Initech’s accounting software with a virus designed to divert fractions of a penny into a personal bank account, and over time, their wealth would grow without the company noticing the missing funds. Due to a bug in the code, however, they ended up with over $300,000 in a matter of days, and hilarity ensued.
Okay, that’s the plot of the movie Office Space, and insider threats usually aren’t that funny. In fact, they are a growing concern for many organizations, and rightfully so. According to statistics published by Cybersecurity Insiders in their recent Insider Threat Report, 90% of companies feel vulnerable to insider threats. In the report, it states organizations are equally concerned about two primary types of insider threats:
- Malicious Insiders: Disgruntled current employees or ex-employees who Intend to directly harm the company through theft or sabotage
- Accidental Insiders: Employees who unintentionally cause harm by leaking sensitive information through negligence
What Should You Look For?
As defined by The Social Engineering Framework, an employee could become a malicious insider as a result of being overworked, underpaid, underappreciated, or passed up for a promotion. If that employee has privileged access to information, they can use those negative motivators to cause intentional damage. Often, a disgruntled employee may exhibit some behavioral changes, such as:
- Consistently arriving to work much earlier or later than usual
- Consistently staying later than usual
- Becoming more vocal about company disapproval on social media or in the workplace
- Isolating themselves from other employees or avoiding workplace socialization
What Can I Do To Prevent It?
To manage inside security risks, there are several steps you can take that help align your organization with security industry best practices:
- Actively apply the principle of least privilege, which states that user accounts should have the least amount of information privileges necessary for their job functions
- Document proper employee onboarding and offboarding procedures; offboarding procedures are especially important to ensure that former employees can no longer access company data
- Identify critical assets (e.g., data, processes, hardware) and ensure they are properly protected
- Conduct regular security awareness training to educate staff on insider and other cyberthreats
- Leverage 24x7 security monitoring to detect unusual outbound data traffic
- Segment your network and separate critical data
There are also steps that your organization can take to help alleviate employee stress, including:
- Holding stress relief seminars to educate your staff on ways to manage work-related and personal stress
- Enforcing mandatory time off and job rotation, where possible
When we think of modern IT cyber security threats, we often think of a distant hacker probing for gaps in our network, but we may not consider the threat down the hall. Successful insider attacks are extremely damaging, but implementing security best practices can help protect your environment.