Malicious Insiders Can Cause Serious Damage

Canada-based Desjardins Group, the largest credit union in North America, recently fell victim to a data breach that exposed the information of nearly 3 million of its members. The breach was not the result of a coordinated attack by external hackers. Instead, a malicious insider was able to gain privileged access rights and engage in data gathering over the course of several months.

It’s uncomfortable to think that one of the biggest threats to your computer systems could be sitting in your next staff meeting. However, security breaches by disgruntled employees are on the rise and can cost thousands or even millions of dollars to resolve.

The DHS and the U.S. Computer Emergency Readiness Team (US-CERT) define an insider threat as “a current or former employee, contractor or other business partner who has or had authorized access to an organization’s network, system or data and intentionally misused that access to negatively affect the confidentiality, integrity or availability of the organization’s information or information systems.”

In other words, malicious insiders exploit their ability to access business networks and servers in order to destroy data, steal proprietary software, engage in fraudulent transactions, and obtain customer information and other resources for use in a new job. There have also been incidents in which disgruntled employees disabled access to key systems or conducted distributed denial of service attacks as part of an extortion scheme against their employers.

Organizations put themselves at risk of insider attacks when they fail to promptly disable access to IT systems when employees are terminated. Tech-savvy employees may also install unauthorized remote desktop protocol (RDP) software to maintain access to computer systems, or use personal email accounts and cloud storage to steal company data. These kinds of attacks may go on for weeks or months before they’re detected.

It’s not only disgruntled employees who engage in these kinds of activities. According to a study conducted by the Ponemon Institute, half of employees who left or lost their jobs in the previous 12 months kept confidential corporate data, and 40 percent planned to use it in their new jobs.

These commonsense strategies can reduce the risk of a security breach due to malicious insiders:

  • Immediately disable a terminated employee’s access to systems and networks, and ensure that third-party service providers know the employee has been dismissed.
  • Strictly limit administrator-level access to servers, networks and social media accounts, and change passwords when an administrator leaves the company.
  • Regularly review employee access rights and terminate any access that isn’t needed to perform daily job responsibilities.
  • Avoid the use of shared user names and passwords.
  • Require that all staff follow password best practices — use a different password for each account and change passwords regularly.
  • Restrict the use of cloud storage platforms and removable media such as thumb drives.
  • Regularly scan for malicious code and unauthorized applications.
  • Maintain daily backups of key systems and data.
  • Establish formal grievance procedures as an outlet for insider complaints, and ensure that management is aware of negative events in the workplace.
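
The first four controls in the list can be checked mechanically. The following Python example is added here for illustration and is not code from this article or from Verteks: it reconciles an HR termination list against an account export and reports accounts left enabled, logins after dismissal, shared credentials, and shared passwords not changed since a holder left. The sample data, field names and finding labels are constructed assumptions.

```python
from datetime import date

# Constructed sample data; the field names are assumptions, not a real export format.
TERMINATED = {"asmith": date(2024, 3, 1), "bjones": date(2024, 4, 15)}
ACCOUNTS = [
    {"name": "asmith", "holders": ["asmith"], "enabled": True, "admin": False,
     "last_login": date(2024, 3, 20), "pw_changed": date(2023, 11, 2)},
    {"name": "bjones", "holders": ["bjones"], "enabled": False, "admin": True,
     "last_login": date(2024, 4, 14), "pw_changed": date(2024, 1, 5)},
    {"name": "netadmin", "holders": ["bjones", "cdoe"], "enabled": True, "admin": True,
     "last_login": date(2024, 4, 20), "pw_changed": date(2024, 2, 1)},
    {"name": "cdoe", "holders": ["cdoe"], "enabled": True, "admin": False,
     "last_login": date(2024, 4, 21), "pw_changed": date(2024, 4, 1)},
]


def audit(accounts, terminated):
    """Return sorted (account, finding) pairs for the offboarding checks."""
    findings = set()
    for acct in accounts:
        name, holders = acct["name"], acct["holders"]
        if len(holders) > 1:
            # More than one person knows this credential.
            findings.add((name, "SHARED_CREDENTIALS"))
        for person in holders:
            left = terminated.get(person)
            if left is None:
                continue  # this holder is still employed
            personal = holders == [person]
            if personal and acct["enabled"]:
                findings.add((name, "ENABLED_AFTER_TERMINATION"))
            if personal and acct["last_login"] > left:
                # Access was used after dismissal, even if since disabled.
                findings.add((name, "LOGIN_AFTER_TERMINATION"))
            if not personal and acct["pw_changed"] <= left:
                # The departed holder still knows the current password.
                findings.add((name, "PASSWORD_NOT_ROTATED_SINCE_DEPARTURE"))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in audit(ACCOUNTS, TERMINATED):
        print(f"{account}: {finding}")
```
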

Verteks can also help reduce the risk of insider attacks through objective, third-party oversight of your systems and data. Contact us to learn how our real-time monitoring, patch management, software compliance, CIO-level consulting and other services can help improve your security posture.