Over 90% of online breaches come from within a company/organization.
There are three types of insider threats you should know about: Malicious, Negligent and Compromised insiders.
Malicious Insider Threats: Malicious insiders are commonly referred to as moles, informants, spies, the inside man or agents. They reportedly make up 20% of internal breaches. Although that percentage is seemingly smaller, malicious insider threats are considered the most damaging, for obvious reasons. These individuals or groups of individuals work to infiltrate and destroy the inner workings of a company/organization. They are highly organized and methodical in their tactics and can be difficult to detect until it’s too late. They work to gain access to sensitive information, install malware, create division among the members of the company/organization and carry out other harmful acts.
One may ask, “What exactly makes a person agree to and carry out the acts of an inside man or mole?”
There are four main reasons: 1) Money 2) Ideology 3) Coercion 4) Ego
Money: They say that money is the root of all evil, and it is true when someone will compromise their integrity, morals and the safety of others to gain it. Those who are susceptible to this route into espionage rely on material things for their self-esteem. Greed, especially when coupled with an inferiority complex, can cause one to carry out malicious acts against a company or organization. Even if the person is good at their core, if they have fallen on hard times and are in financial need, the wrong person with knowledge of that can exploit them.
Many believe that they will only be asked to do one or two jobs, such as stealing or installing data, but more often than not, and unbeknownst to the mole, they are in for much longer and can be extorted or threatened in various ways to comply.
Ideology: This can be referred to as the belief in and the desire to contribute towards something much “bigger than oneself”. The idea of working towards a greater cause, and the belief that the sacrifice and outcome will justify the means no matter how damaging it is on the front end, is how others are recruited.
Coercion: This can also be extortion. There are those who are susceptible to blackmail or bribery, or who are easy to threaten and intimidate into becoming informants. There are those who may have a blemish on their record and will do whatever it takes to remove it. There are those who suffer from low self-esteem and self-worth who will probably not put up a fight or report the culprit, because the culprit uses shame and blame to trap them. These are common tactics in coercing someone into acting as an organizational mole.
Ego: Everyone wants to feel important and useful. The ego can be our worst enemy, especially if it is starving for attention, recognition and accolades. This is easy to spot and also easy to exploit. Most individuals who fall into this category will take a pay cut for power or influence. They will accept bribes that are not monetary in exchange for gaining information or inserting cyber attacks through the culprit’s mechanisms. Some individuals feel overlooked or under-utilized, so they harbor animosity, bitterness and contention towards those they feel are responsible. They leak their dissatisfaction, making it easy to exploit.
Negligent Insider Threats: More than 50% are caused by people who have already shown disrespect for security routines. This pertains to workers who mindlessly, or out of curiosity, click on links in emails or text messages without verifying whether it is safe to do so. These are the employees who click on buttons without seeing the actual URL. They land on another website that appears legitimate and input sensitive information such as their username and password, believing the email is from their bank, for example, when it is a phishing scam. This also pertains to workers who fall victim to “click bait” and headlines that generate curiosity, anger, fear or humor when they are asked to “click here to read more”.
Compromised Insider Threats: These are individuals who fall prey to social engineers. Social engineers contact an unsuspecting worker to get specific information that might cause damage to the fiber and inner workings of the company/organization. The worker has people-pleasing tendencies and believes in the “important by association” principle. The social engineer uses a tactic called “name-dropping”, making the worker feel important or convincing the worker that if they won’t help, the social engineer, posing as a fellow employee, could get into trouble or be fired. The compromised worker who loves to help doesn’t want their fellow employee to get fired, so they comply, unaware of the scam being played.
The social engineer will fast talk or use the company lingo to foster trust. The compromised employee feels good about helping a “fellow worker”. Usually the information the social engineer requests seems harmless: the last name of the company’s CEO, the extension of the personal assistant, or the name of the IT personnel. These questions seem to ask for general company information, which may be true, but with enough information the social engineer can call again posing as the IT personnel needing to gain access to a “particular server to check the connectivity”. Unfortunately for the compromised employee, they did not verify the identity of the person on the other end before giving them access.
To circle back to Malicious Insider Threats: these are the most damaging, so I would like to outline some specific traits and telltale signs of those who are susceptible to acting in concert with the culprits behind malicious insider threats.
Be mindful that if you see these traits in another person, or in yourself, it is a signal to keep careful watch. Closer interaction and observation are encouraged. Document what you see and the frequency of it, and if you are compelled to make a formal report, do so directly to your Human Resources or Protocol or Investigation department. No one else.
Disclaimer: If someone fits the “emotional vulnerability” trait, for example, go to them first and ask them what’s going on. It could be they lost a loved one or were evicted from their home. I encourage those reading this to exercise decency and wisdom when examining those around you.
It reminds me of when I worked in Forensic Psychology and had to diagnose clients with certain mental illnesses. We had to work from a set of criteria in the DSM-IV (Diagnostic and Statistical Manual of Mental Disorders). The client had to meet a certain number of symptoms for a period of time consecutively to fit the criteria for diagnosis. The same concept can be used in cases of insider threats. Document what you see, and if there is a blatant compromise (someone is going through your office, desk, personal things), immediately contact those mentioned above.
Common Traits of An Inside Man
1. They are dissatisfied with their job or aspects of the work/involvement
2. There is a grudge (i.e. passed over for a promotion)
3. Emotional vulnerability
4. Susceptible to blackmail
5. Drug/alcohol abuse
6. Seeks power, influence and status
7. They are only loyal to themselves
8. They foster distrust, negativity, defensiveness among others
9. They gossip
10. Constant complaining; does this privately to a team member but refuses to bring the complaint publicly
11. They undermine the work of the team or a member of the team
12. Their actions or lack thereof destroy teamwork and erode productivity
13. Lack of cooperation
14. Inordinate competitiveness
17. They rub elbows with the boss or those in leadership, so when their actions are confronted, the boss comes to their rescue
18. Overly dramatic; they overshare, complain, or project general victimhood
19. Often hardworking but their net effect on the organization’s morale is negative
20. Their allegiance is to another organization or company; considerably more enthusiastic and productive elsewhere
21. They are slow or resistant to carrying out instructions or duties that are part of their job description or role
In any of the above cases, a strategy to prevent insider threats from damaging your company/organization is to issue role-based access. Justify access escalation by re-validating access each time a worker is promoted to a new level of access to sensitive information. Develop a new access frontier by screening the employee like a new hire. This will give insight into life changes or dissatisfaction and a chance to address poor habits that might harm the company’s infrastructure.
It is suggested to re-credential annually those employees who are not promoted.
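One way to run the re-validation described above as a periodic access review (an added example, not part of the original article). The role names, entitlement names and employee records are constructed for illustration, and the 365-day window is an assumption that encodes the annual re-credentialing suggestion.

```python
from datetime import date, timedelta

# Hypothetical role-to-entitlement map (role-based access).
ROLE_ENTITLEMENTS = {
    "analyst": {"crm_read", "reports_read"},
    "manager": {"crm_read", "reports_read", "payroll_read"},
}
RECERT_WINDOW = timedelta(days=365)  # assumed annual re-credentialing window

# Constructed sample records, not real data.
EMPLOYEES = [
    {"name": "avery", "role": "manager", "role_since": date(2024, 3, 1),
     "last_validated": date(2023, 11, 15),
     "access": {"crm_read", "reports_read", "payroll_read"}},
    {"name": "blake", "role": "analyst", "role_since": date(2021, 6, 1),
     "last_validated": date(2022, 9, 30),
     "access": {"crm_read", "reports_read"}},
    {"name": "casey", "role": "analyst", "role_since": date(2023, 1, 10),
     "last_validated": date(2024, 2, 1),
     "access": {"crm_read", "reports_read", "payroll_read"}},
    {"name": "devon", "role": "manager", "role_since": date(2023, 5, 1),
     "last_validated": date(2024, 1, 20),
     "access": {"crm_read", "reports_read", "payroll_read"}},
]

def review_access(employees, today):
    """Return {name: [findings]} for every employee who needs attention."""
    findings = {}
    for emp in employees:
        issues = []
        # An unknown role grants nothing, so all of its access is flagged.
        allowed = ROLE_ENTITLEMENTS.get(emp["role"], set())
        extra = sorted(emp["access"] - allowed)
        if extra:
            issues.append("access outside role: " + ", ".join(extra))
        if emp["last_validated"] < emp["role_since"]:
            # Promoted or moved, but access was never re-justified.
            issues.append("not re-validated since role change")
        elif today - emp["last_validated"] > RECERT_WINDOW:
            issues.append("annual re-credentialing overdue")
        if issues:
            findings[emp["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in review_access(EMPLOYEES, date(2024, 6, 1)).items():
        print(name, "->", "; ".join(issues))
```

In practice the records would come from the HR system and the identity provider rather than a literal list, and the findings would feed the reporting path described earlier.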
For more information about how to address insider threats, email me at email@example.com or book a cybersecurity strategy session.