Five Types of Insiders who may steal your Company’s Data
Most CIOs and data security practitioners believe that traditional security measures such as firewalls, anti-virus, and even password best practices are credible protection against data leaks and theft. The fact is that they are not – especially when the root of the problem could be the employee himself.
Data leaks and data breaches are not given their due importance by organizations at a global level. This persists until an organization becomes the victim of a data leak and ends up facing regulatory repercussions and brand loss.
Those organizations that do give ‘due importance’ to data security unfortunately assume, often incorrectly, that traditional IT security practices of firewall, anti-virus along with password-protection practices would suffice. Nothing could be farther from the truth.
The greatest threat to your data is not from hackers and malware, but from trusted ‘insiders’, who may be at any level of the organization, from employees to the leadership. This makes it the most difficult to detect. According to a survey by CA, “…both regular employees (56%) and privileged IT users (55%) pose the biggest insider security risk to organizations, followed by contractors (42%).” (1)
Insiders are of multiple hues – five to be exact. In-depth knowledge of these types helps, to a large extent, in finding ways to stave off data leaks and protect data wherever it is.
‘Inadvertent’ Insider. This may be the most common type, but it is also the most damaging and the most difficult to handle. What do you do with a seemingly innocuous employee who has been the source of corporate shame due to bad, or rather improper, handling of data? Fire him and tighten the data protection process across the organization? This becomes a question of ‘security culture’ across the organization: of attuning employees to behave seriously when it comes to handling data.
Training is vital. Users must be trained against conventional and trending attack paradigms. It is widely known that the most popular source of a data breach is phishing and ‘man in the middle’ attacks. However, enforcing this is a tall ask. What do you do with those who do not care to respond to your training and practice enforcement overtures? It is a fact that people still fall prey to various social engineering attacks.
The Unholy Nexus. World history is replete with infamous cases of great battles lost and empires destroyed due to collusion between the enemy and a nefarious insider. Those stories aren’t just found in the history books, but even today in large corporations and manufacturing companies where a quick way to overcome competition is to steal intellectual property. Remember the scene in Jurassic Park where the park’s lead computer programmer, Dennis Nedry, is bribed by Dodgson, a man working for Hammond’s corporate rival, to steal fertilized dinosaur embryos?
Such a nexus exists even between malicious employees and governments. Real Clear Defence, in its story ‘China’s Corporate Espionage Looms Large’, states, “China has long strived to obtain the technologies it believes it needs to achieve commercial and military parity with the West. This desire has been formally spelled out in the 863 Program in 1986 and, more recently, a 10-year plan released in 2015 called Made in China 2025, which publicly listed the technologies that the Chinese government has identified as critical for the future development of its economy and national strength. While Beijing funds research to develop these technologies indigenously, China has found that it is often cheaper and quicker to simply steal what it needs.” (1)
On the other hand, there is always the devil inside employees wanting to make a quick buck by selling vital information, such as IP and personal information of employees and clients, on the Dark Web.
A report by the Community Emergency Response Team (CERT) states that such alliances account for 48.32% of all data loss caused by insiders. (2)
Second Streamers. Once a malicious insider succeeds in making quick money by stealing and selling valuable data, it tends to become a habit. In fact, a study by Gartner categorizes repeat offenders as “second streamers” and puts them at 62% of malicious insiders. What is truly worrisome is that scruples continue to be a concern even with folks at the higher management level. With critical data, such as financial information, employees’ personal data and IP, in the hands of corporate leadership, exposure of such data to the wrong hands could spell the death knell of the company.
What makes these veterans dangerous compared to bumbling first timers is their experience and ability to innovate new ways to commit the deed.
Employees with a Vengeance. When the purpose is more than just money, the impact of data loss becomes even more devastating for the organization. Gartner states that 29% of malicious insiders stole information after leaving the organization. What is the hidden link that continues after severance?
The Insider outside. Organizations work in an ecosystem of external stakeholders such as vendors. Due to the nature of operations, vendors are given access to sensitive information. While such access is monitored initially, after many years of a successful long-term relationship organizations tend to become lax in keeping an eye on data exchanges – especially data that flows out. The case of Target is a popular example in which an air conditioner and refrigeration mechanic gained access to the company’s systems by stealing network credentials from a third-party vendor.
While the human side is daunting enough, consider the complex system of machine-to-machine communication. Such backend data exchanges are driven by protocols, some of which may date back decades. Do IT admins and data security personnel monitor these effectively? How do they know what information is being sent out of the organization’s IT boundaries? In addition to this is the new dimension of intrusion devices or ‘hearing’ devices that siphon off data.
Companies are taking steps to protect their data from intentional or accidental loss. As insider threats increasingly come onto the radar of IT teams, multiple steps are taken to analyze and respond to such threats. These include adopting behavioral analytics, assigning risk scores, and detecting and responding to patterns of risk in human behavior, with the aim of mitigating internal threats.
SECUDE often asks leading data security practitioners, especially those holding positions of direct responsibility, such as CIOs, CISOs and even the CEO, the following questions.
- Do you know who downloads the maximum number of files?
- Do you know what files are being downloaded?
- Do you know the size of the files being downloaded?
It is downright scary to note that most are unable to answer these with clarity.
To be Forewarned is to be Forearmed
While the above-mentioned practices do make an impact, in practice it all starts with knowing. In other words, getting clear, definite answers to the above questions – and then taking the necessary steps.
Thus, it is critically important to have the ability to monitor, record, and classify all activity surrounding your business-critical data as it is exported from your ERP. What is required is a solution with enhanced logging and auditing features to give you critical visibility into sensitive data distribution, allowing internal and external audit teams to identify risky areas, users, or transactions.
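One way to answer the three questions above from an export log, shown as an added example (not SECUDE's code and not part of the original article). The CSV layout, the user names and the 3x-median threshold are assumptions, and the log lines are constructed.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample export log; the column layout is an assumption.
SAMPLE_LOG = """\
user,file,bytes,classification
asmith,q3_forecast.xlsx,48000,confidential
asmith,holiday_list.pdf,12000,public
bjones,vendor_contacts.csv,52000,internal
cwu,price_list.xlsx,30000,internal
cwu,org_chart.pdf,40000,public
dlee,invoice_batch.csv,61000,internal
ext_vendor01,customer_master.csv,9800000,confidential
ext_vendor01,payroll_2023.xlsx,4200000,confidential
ext_vendor01,bom_export.csv,7500000,confidential
ext_vendor01,customer_master.csv,9800000,confidential
ext_vendor01,hr_records.csv,3100000,confidential
ext_vendor01,design_specs.zip,15000000,confidential
ext_vendor01,price_list.xlsx,30000,internal
"""

def summarize(log_text):
    """Per user: how many files, which files, and how many bytes were exported."""
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "files": set(), "sensitive": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        s = stats[row["user"]]
        s["count"] += 1
        s["bytes"] += int(row["bytes"])
        s["files"].add(row["file"])
        s["sensitive"] += row["classification"] == "confidential"
    return dict(stats)

def flag_outliers(stats, factor=3):
    """Flag users whose count or volume exceeds factor x the median across users."""
    med_count = median(s["count"] for s in stats.values())
    med_bytes = median(s["bytes"] for s in stats.values())
    flagged = {}
    for user, s in stats.items():
        reasons = [name for name, value, base in
                   (("count", s["count"], med_count), ("bytes", s["bytes"], med_bytes))
                   if value > factor * base]
        if reasons:
            flagged[user] = reasons + (["sensitive"] if s["sensitive"] else [])
    return flagged

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    top = max(stats, key=lambda u: stats[u]["count"])
    print(top, stats[top]["count"], stats[top]["bytes"], sorted(stats[top]["files"]))
    print(flag_outliers(stats))
```

The median is used as the baseline so that a single heavy exporter does not raise the threshold it is measured against.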
To know how SECUDE can protect your vital information, be it financial, IP, operations, customer or even about your employees, visit our HALOCORE page.