You have a ‘super malicious insider’

Issue 2 2022 Information Security

There’s a super malicious insider who is technically proficient and often acutely aware of an organisation’s technical limitations in proactively detecting insider threats. This is according to Dtex System’s 2022 Insider Risk Report that is based on real investigations and data collected by the Dtex Insider Intelligence and Investigations (i3) team throughout 2021.


John Mc Loughlin.

The super malicious insider is a technically proficient employee who is acutely aware of an organisation’s cybersecurity architecture, solutions and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators.

The report identifies a significant increase in industrial espionage incidents and the rise of the ‘Super Malicious Insider’ persona and provides evidence that the abrupt shift to remote work has directly contributed to an escalation in psychosocial human behaviours that create organisational risk.

These ‘super malicious’ insiders have the technical skills needed to bypass many defences and often the training (usually provided by their employers) to understand how traditional cybersecurity solutions identify threats (i.e. data loss prevention, user activity monitoring, firewalls, virtual private networks and IAM).

One usually thinks of insider threats as disgruntled or unethical users seeking to damage the company financially or reputationally, these are malicious insiders. Their motives can range from personal gain to activism.

A second common insider threat is careless employees taking actions that can put data at risk. This includes sending sensitive information to their private email or cloud storage accounts so they can work remotely or clicking on suspicious links in emails.

Insider risk versus insider threat

A good place to start is to understand the difference between an insider risk and an insider threat. Gartner says not every insider risk becomes an insider threat, however, every insider threat started as an insider risk. In short, anyone who has access to sensitive information is an insider risk. Humans are imperfect and make mistakes. Even the most conscientious worker could accidentally email data to the wrong recipient, misplace their computer or have a company laptop stolen from their car.

Insider risks are also those sending sensitive information to their private email or cloud storage accounts so they can work remotely or those clicking on suspicious links in emails. Risk does not imply malicious intent. That is reserved for insider threats, those employees, vendors or partners who plan and execute actions to steal or release data or sabotage corporate systems.

Insider threats are most often financially motivated and are a mix of those who want to personally profit from the sale of sensitive corporate information and IP on the black market – to take that data with them to their next employer to quickly ‘add value’ – or, in rare cases, those who have been engaged by an external third party that has offered to compensate them financially in exchange for their help exfiltrating data.

In rare cases, insider threats are revenge-motivated because of being passed over for a promotion, not getting the salary increase they believe they deserve, or simply due to personal health issues they blame on their employer or co-workers. In even rarer cases, insider threats can be those individuals who are utilising corporate assets such as PCs and Wi-Fi to engage in criminal behaviours such as black-market ecommerce, human trafficking, or Child Sexual Abuse Material (CSAM) collection and storage.

As discussed in the report, the key to stopping a malicious insider is first to identify those who intentionally seek to cause harm. From understanding the underlying behavioural indicators that increase insider risk (including the differences in the way malicious and non-malicious users search, aggregate, manipulate, and transfer data), it becomes possible to detect and disrupt an insider threat before any irreparable harm is caused.

The full Dtex 2022 Insider Risk Intelligence & Investigations Report is available here (https://www2.dtexsystems.com/2022-insider-risk-report).




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...
Organisations fear AI-driven cyberattacks, but lack key defences
Kaspersky Information Security News & Events Training & Education
A recent Kaspersky study reveals that businesses are increasingly worried about the growing use of artificial intelligence in cyberattacks, with 56% of surveyed companies in South Africa reporting a rise in cyber incidents over the past year.

Read more...
Vodacom Business unveils new cybersecurity report
Information Security IoT & Automation
Cybersecurity as an Imperative for Growth offers insights into the state of cybersecurity in South Africa, the importance of security frameworks in digital resilience and the latest attack methods adopted by cyberattackers.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Know who’s spying on you
Kaspersky Information Security Products & Solutions
According to the latest State of Stalkerware report, 40% of the people surveyed worldwide stated they have experienced stalking or suspect they are being spied on. A solution for Android is now available.

Read more...
Cybersecurity needs 4,7 million professionals
Information Security
Despite all the efforts organisations worldwide put into preventing cyberattacks, global cybercrime has snowballed to $9,2 trillion in 2024 and is expected to grow by another 70% to $15,6 trillion by the end of a decade.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...