You are more likely to be attacked from the inside by ‘one of your own’ than you are by a distant faceless cyber criminal.
In a far-off land, huddled behind a bank of glowing computer monitors, a criminal gang is planning its next great cyber attack. We can only imagine what its ultimate aim is, but it is safe to conclude that money will be a motivating factor.
If the headlines are to be believed then at any moment, and without any warning, they will strike, ninja-like, and your years of hard work building your small business or climbing the corporate ladder will be undone. But is that the reality?
While it is true that wide-ranging phishing campaigns and ransomware are affecting many, there is a far greater chance that a business will suffer an attack from the inside. It is more likely to be ‘Bob’ from down the corridor than some sophisticated code warrior who can break encryption with nothing more than a notepad and an overdeveloped intellect.
The ‘Cyber Insider’, or the ‘Insider Threat’ as it is also referred to, is someone who (knowingly or unknowingly) misuses legitimate access to commit a malicious act or to damage their employer. The most notorious of this breed is Edward Snowden, who famously copied and leaked classified information from the National Security Agency (NSA) in 2013 without authorisation. His motivation was political: he wished to expose the wide-scale surveillance programmes being undertaken at the time.
So, what would motivate an ‘insider’ within your business or organisation to commit a cyber crime?
All manner of havoc can be rained down on a company by an insider with sabotage in mind. If they have access to data, they can maliciously manipulate it, inflating or deflating sales figures, attendance records or other statistical information. Access to a colleague’s email account or workstation can be used to implicate that colleague in activities that contravene the company’s acceptable use policy. Or they may engineer a situation that benefits them in the long term by artificially creating a problem that only they can resolve.
This may all sound slightly paranoid, as if taken from a work of fiction, but every one of these scenarios is possible and needs to be considered.
If an employee concludes that the way their employer does business, the people it does business with, or the products and services it provides do not meet their moral code, they may decide to blow the whistle on you.
If they can profit from it, through financial gain, notoriety amongst a peer group, or by seeing those who in their eyes deserve it fall from grace, then the temptation to take whatever evidential material they hold and make it public can be great.
The dark web is awash with material that implicates individuals and businesses in all manner of activities which, depending on your own personal stance, range from professionally questionable through to abhorrent. It did not get there by accident; it was more than likely the result of an insider’s misplaced moral judgement.
How can such things be prevented? By knowing who has access to what data, and then by monitoring how that data is manipulated, moved, copied or disseminated through the organisation’s infrastructure.
Disgruntled Former Employee
When a company must lay off staff, or in some cases has to relieve an individual of their duties, there can be a residual resentment that, unless sensitively managed, results in revenge. If an employee has been freely allowed to make copies of company data, even if only to ‘email it home to work on remotely’, they may decide to ‘weaponise’ that information and attempt to inflict damage.
When they are asked to leave, or during their notice period, they may attempt to harvest data for use at a later date. Meeting minutes, audio recordings of meetings, expense reports, salary details: all sorts of information that, viewed through the lens of a disgruntled employee, can be coloured in a less than flattering way.
Disgruntled employees, especially those who have worked within the IT function of a business, may also wish to use their skills to disrupt systems, erase data, or purposefully compromise security in a bid to inflict embarrassment or pain on their former employer.
To mitigate this, any HR-related activity that is likely to cause emotional distress to an individual must have an IT element to it, ensuring that access to data is restricted or suspended at the point the individual is told, not after they have left, in order to protect the organisation from such criminal action.
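The two controls the article calls for, knowing who has access to what and tying HR leaver events to IT access, can be turned into a routine check. The script below is an added example written for this page, not code from the original article or any product. It correlates a constructed HR leaver list with a constructed CSV audit log and flags: data moved off the estate during a notice period (copies to removable media, mail to non-corporate addresses), the jump in volume compared with the leaver’s pre-notice baseline, logins after the last working day, and accounts still enabled after departure. The log format, the `example.com` corporate domain and the destination labels are assumptions chosen for the example.

```python
"""Offboarding checks: correlate an HR leaver list with an access audit log.
All data below is constructed for this example; nothing comes from a real system."""
import csv
import io
from datetime import date, datetime

CORP_DOMAIN = "example.com"             # assumed corporate mail domain
REMOVABLE = {"usb", "external_drive"}   # assumed destination labels for removable media

# Constructed HR leaver list: user -> (date notice given, last working day)
LEAVERS = {
    "bob":   (date(2024, 3, 1), date(2024, 3, 15)),
    "alice": (date(2024, 3, 5), date(2024, 3, 20)),
}

# Constructed identity-provider export of accounts that are still enabled
ACTIVE_ACCOUNTS = {"bob", "alice", "carol"}

# Constructed audit log. Columns: timestamp,user,action,object,bytes,destination
AUDIT_LOG = """\
timestamp,user,action,object,bytes,destination
2024-02-20T09:12:00,bob,download,Q1_sales.xlsx,204800,workstation
2024-03-02T18:45:00,bob,download,board_minutes.zip,52428800,usb
2024-03-03T07:10:00,bob,email_send,salaries.xlsx,1048576,bob.home@personalmail.example
2024-03-03T07:12:00,bob,email_send,expenses_2023.pdf,3145728,bob.home@personalmail.example
2024-03-04T10:00:00,alice,download,roadmap.pptx,5242880,workstation
2024-03-06T11:00:00,alice,email_send,handover.docx,409600,manager@example.com
2024-03-18T08:30:00,bob,login,-,0,vpn
2024-03-21T22:00:00,alice,login,-,0,vpn
"""


def parse_log(text):
    """Parse the CSV audit log into dicts with typed timestamp and byte count."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ts"] = datetime.fromisoformat(row["timestamp"])
        row["bytes"] = int(row["bytes"])
        events.append(row)
    return events


def in_notice_period(event, leavers):
    notice, last_day = leavers[event["user"]]
    return notice <= event["ts"].date() <= last_day


def notice_period_findings(events, leavers):
    """Events by a leaver during their notice period that move data off the estate:
    downloads to removable media, or mail sent outside the corporate domain."""
    findings = []
    for e in events:
        if e["user"] not in leavers or not in_notice_period(e, leavers):
            continue
        dest = e["destination"]
        if e["action"] == "download" and dest in REMOVABLE:
            findings.append((e["user"], "removable_media", e["object"]))
        elif e["action"] == "email_send" and not dest.endswith("@" + CORP_DOMAIN):
            findings.append((e["user"], "external_email", e["object"]))
    return findings


def bytes_moved(events, user, leavers):
    """Bytes a leaver moved before notice versus during notice; a large jump is
    the 'harvesting' pattern the article describes."""
    notice, _ = leavers[user]
    before = sum(e["bytes"] for e in events
                 if e["user"] == user and e["ts"].date() < notice)
    during = sum(e["bytes"] for e in events
                 if e["user"] == user and in_notice_period(e, leavers))
    return before, during


def post_departure_access(events, leavers):
    """Any activity by a leaver after their last working day."""
    return [(e["user"], e["ts"].isoformat()) for e in events
            if e["user"] in leavers and e["ts"].date() > leavers[e["user"]][1]]


def stale_accounts(active, leavers, today):
    """Accounts still enabled although the owner's last day has passed."""
    return sorted(u for u in active if u in leavers and leavers[u][1] < today)


if __name__ == "__main__":
    evs = parse_log(AUDIT_LOG)
    print("notice-period exfil:", notice_period_findings(evs, LEAVERS))
    print("bob bytes before/during notice:", bytes_moved(evs, "bob", LEAVERS))
    print("post-departure access:", post_departure_access(evs, LEAVERS))
    print("still enabled:", stale_accounts(ACTIVE_ACCOUNTS, LEAVERS, date(2024, 3, 22)))
```

Running this against a real log export and identity-provider account list in the offboarding workflow gives the ‘IT element’ the paragraph asks for: the leaver list drives the checks, so the moment HR records a notice date the account’s activity is baselined and watched, and the stale-account check catches the case where the leaver’s credentials were never actually disabled.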
These are a few examples of what is possible, and admittedly such crimes could have been committed long before the advent of technology and the ever-present flow of data. However, technology has made them easier to perpetrate, with less chance of being caught.
With cyber crime and cyber security it is actually easier to focus on the threat from a distant, faceless individual than on what may occur within a company’s own boundaries. But if a company can acknowledge, address and take the necessary steps to mitigate the insider threat, it will be well placed to address the threats from much further afield.