The Threat Down the Hall

In the modern workplace, it’s more important than ever to be on the lookout for insider threat indicators. Dataprise offers robust managed security services and enhanced data protection which can help your organization address insider threat security concerns. Insider threats come in many shapes and sizes which makes preventing, identifying and resolving these types of attacks difficult without a managed security service provider at your disposal; some insider threat indicators are more apparent than others.

After software development company Initech cut jobs as a result of an assessment from efficiency experts, three employees, Peter Gibbons, Samir Nagheenanajar, and Michael Bolton, developed a plan to get even with their company. They infected Initech’s accounting software with a virus designed to divert fractions of a penny into a personal bank account, and over time, their wealth would grow without the company noticing the missing funds. Due to a bug in the code, however, they ended up with over $300,000 in a matter of days, and hilarity ensued. 

Okay, that’s the plot of the movie Office Space, and insider threats usually aren’t that funny. In fact, they are a growing concern for many organizations, and rightfully so. According to statistics published by Cybersecurity Insiders in their recent Insider Threat Report, 90% of companies feel vulnerable to insider threats. In the report, it states organizations are equally concerned about two primary types of insider threats: 

• Malicious Insiders: Disgruntled current employees or ex-employees who Intend to directly harm the company through theft or sabotage
• Accidental Insiders: Employees who unintentionally cause harm by leaking sensitive information through negligence
• Compromised Threats: A compromised threat is the act of using another person’s credentials to access information and resources, often without the knowledge of the user. 

Insider Threat Indicators: What Should You Look For?

Insider threat indicators may become more prominent after an employee feels mistreated in some way. As defined by The Social Engineering Framework, an employee could become a malicious insider as a result of being overworked, underpaid, underappreciated, or passed up for a promotion. If that employee has privileged access to information, they can use those negative motivators to cause intentional damage. Often, a disgruntled employee may exhibit some behavioral changes which can serve as insider threat indicators, such as: 

• Consistently arriving to work much earlier or later than usual 
• Consistently staying later than usual 
• Becoming more vocal about company disapproval on social media or in the workplace
• Isolating themselves from other employees or avoiding workplace socialization

What Can I Do To Prevent It?

When it comes to information security risk management and data protection, there are several steps you can take that help align your organization with security industry best practices: 

• Actively apply the principle of least privilege, which states that user accounts should have the least amount of information privileges necessary for their job functions
• Document proper employee onboarding and offboarding procedures; offboarding procedures are especially important to ensure that former employees can no longer access company data
• Identify critical assets (e.g., data, processes, hardware) and ensure they are properly protected
• Conduct regular security awareness training to educate staff on insider and other cyberthreats
• Leverage 24×7 security monitoring to detect unusual outbound data traffic 
• Segment your network and separate critical data
• Maintain good backups and keep copies of data offsite

Depending on the individual’s situation, work strain and job pressure can also be insider threat indicators. There are also steps that your organization can take to help alleviate employee stress, including: 

• Holding stress relief seminars to educate your staff on ways to manage work-related and personal stress 
• Enforcing mandatory time off and job rotation, where possible

When we think of modern IT cyber security threats, we often think of a distant hacker probing for security vulnerability gaps in our network, but we may not consider the threat down the hall. Successful insider attacks are extremely damaging, but implementing security best practices can help protect your environment. Additionally, backups should always be the first line of defense against data loss, and because of their value, they are often a target for a cyber attack. Keeping that data offsite is imperative.

Does your organization need help understanding insider threat indicators or implementing an insider threat security plan?

Dataprise offers comprehensive cybersecurity and data protection resources, support and service plans to help secure your infrastructure. In the realm of recovery, Dataprise has helped companies recover from insider threats and attacks by maintaining secure backups.