How can organisations stop malicious insiders?

Published: 22nd August 2022 | In: Insights

If you read our previous blog on insider threats to the legal sector you’ll know that there are three types of insider threats facing organisations today and malicious intent is arguably the most difficult to prevent.

The underhand act of employees stealing information from their employer is as old as commerce itself. It’s well known that some people take valuable data with them when they move jobs, leaving their current employer in the dark that one of their rivals will soon have their hands on the same information, which could of course empower them to make better decisions and gain a competitive advantage.

Two different surveys published in 2021 indicate how serious this problem is: one revealed that 20% of data breaches were caused by insiders, while the other stated that 28% of IT leaders named internal malicious behaviour as their biggest fear. And according to research from accountancy firm BDO, 21% of business owners said that their own employees had been involved in fraud.

Perfectly placed

Whatever their reasons for doing so, employees who intentionally try to take data from their employers are already in the perfect place. They know where the data sits and they may have access to it, or know a friendly colleague or administrator who does. They have probably gained a rudimentary knowledge of their firm’s existing security procedures, strengths and weaknesses, and how to stealthily bypass them. And they have the rock-solid alibi of being at work.

The massive move to home and hybrid working since early 2020 has possibly only made this particular insider threat harder to detect and harder still to stop. Despite this risk being the least common of the three insider threats (human error and exploitation are the other two), disgruntled and malicious employees can inflict greater damage than any outside cybercriminal could ever hope to do.

So while organisations need to take urgent steps to strengthen their defences against unseen adversaries outside, they also need to face up to the reality that familiar foes may already lurk inside their four walls. Some of these malicious insiders might be preparing to leave the business but others could be planning to stay a lot longer. Both are very difficult, but not impossible, to catch in the act because they will be on their best behaviour for the rest of the time.

What can companies do to prevent it?

While training employees in cyber security awareness is a great way to reduce the risk of breaches in many situations, it’s ineffective when they are the ones planning the breach and such training may even give them tips on how to evade detection.

Thankfully, human and technology solutions are available to significantly tighten defences against malicious insiders – and a combination of the two probably works best. However, no single solution is ever infallible for all scenarios that a business might face.

Most thefts occur because there’s a need for the culprit to commit the crime and the opportunity to do it. Criminals want to take the path of least resistance – they aim to find the easiest way to steal data without being caught. So any solution needs to make their chosen path as hard as possible to reduce their likelihood of success.

Compliance is key

Organisations would be wise to start building their defences with compliance and consider what their biggest risks are. What types of data do they store that criminals might want? Who has access to this data? What privileges do they have? Has role-based access control been set up? Is their access monitored, controlled and logged? This is all part of the zero-trust approach which makes verification – even for administrators – second nature throughout an organisation.

The Compliance team, whose job it is to prevent a breach, then needs to ensure that data is only accessed when needed. Technology can help, by controlling access rights across the entire organisation – but only if it’s configured and applied correctly with cyber security in mind. For instance, controls can be set up to allow an employee to send an email to an external contact so they can read it. However, if that contact tries to forward it on to another person then the content is encrypted and unreadable. Simple techniques like this one can be very effective in preventing rogue insiders from doing harm.

Clear communication

Alongside implementing the technology part of the solution, communication is also important. Businesses should outline their rules and policies to employees and explain why they’re in place and what the penalties are for breaking them.

Stopping malicious insiders from achieving their goals might seem like a lot of work, but the consequences of not getting this right can be huge. Such crimes can lead to financial losses, loss of trust in the company, damaged business reputation, customers’ data being compromised, fines from regulatory bodies, bad publicity if the news gets out in the open and maybe even share prices falling.

The reward for balancing strong internal policies and rigorous compliance isn’t just a more efficient and effective workforce but a significantly reduced risk of data loss, which in turn protects the business and its customers. And employees won’t feel like they aren’t trusted.

Learn more about insider threats and our industry expertise

If you are keen to learn about this subject more broadly, please take a look at our previous blog entitled ‘Insider threats are a major challenge for the Legal Sector’.

To find out more about Quorum Cyber’s expertise in a number of different sectors, please visit our dedicated pages under Solutions -> Industries from the home page of our website.