Insiders are the business’s weakest link and breaches caused by employees are the costliest and the hardest to predict. This is especially true if we talk about accidental insiders who leak unintentionally and have limited knowledge of a corporate security policy. Their action may not only cause direct damage, but also catalyse fraudsters or hackers. In fact, according to the 2018 Insider Threat Report by Cybersecurity Insiders, more than 51% of companies are concerned about the unintentional insider attack.
Accidental insiders present the focus of the article; let’s consider some examples of the rapidly growing presence of this type of threat.
Risk groups of employees
People from risk groups (gamblers, debtors, addicts, and other risk groups) are often victims of blackmail. Under pressure, they choose to commit crimes in order to keep personal secrets.
A competitor of a transport company began to entice customers systematically at the stage of signing agreements. The risk manager of a company drew attention to the changed behaviour of one of the top managers. An in-depth analysis and notification of the violation of security policy used to identify relations between colleagues showed that a top manager was intimate with one of the employees.
The employee herself would actively communicate on social networks with an employee from a competing company. The risk manager suggested that having learnt about the ‘skeleton in the closet’, the competitors decided to blackmail the top manager and forced him to leak data. To test the hypothesis, the top manager was told deliberately false information about the upcoming transaction – and the competitors took advantage of this.
Ex-employees, especially those who left with a scandal or went to competitors, often try to find out confidential information through ex-colleagues with whom they maintain friendly relations and communicate on a daily basis or from time to time.
One of a retailer’s employees discussed the company’s short-term development plans with an unknown via Skype. It was found out that the account of the unknown belonged to a former sales manager of the company who left for a competitor but continued to keep close relations with some colleagues. The ex-employee was trying to learn about changes in the company’s policy and future development plans. The information security officer talked to the employee and explained the potential impact of this friendly communication.
A positively minded informal leader will benefit, but a colleague with a negative attitude can harm a company, because the atmosphere in a team often depends on the mood he/she has. This can happen during a reorganisation of business processes: changes are not accepted easily and if an influential colleague initiates a strategy, a company can lose valuable employees.
The management of a service provider greatly changed the structure of the company and management processes. The changes were not sudden: the personnel were warned that the corporate policy was being reviewed. One of the company’s old-timers, in conversations with colleagues expressed dissatisfaction with top management, its decisions, and instigated disloyalty among colleagues.
The working climate suffered: some employees simply lost motivation, others began to have thoughts about leaving the company. Seeing the full picture of what was happening, the company took measures: explained the nature of changes, goals, and immediate plans. People got answers and the situation stabilised.
Disloyal employees are automatically included in the risk group, they pit staff against top management, damage your company’s corporate reputation, delete, forge, leak or steal company documents. Outraged employees can pour out their negative emotions, and not only on their colleagues. In a blaze of anger, they leave devastating reviews on third-party sites and thereby damage the company’s reputation. Moreover, the working climate is directly related to the productivity of employees, and therefore the company’s profit.
One of the employees of a product company was outraged by the incentive system and other aspects of the relationship with the management. The troublemaker had worked in the company for a long time and gained authority, so many employees respected his words. As the relationship with the top management was heating up, the employee could hardly restrain his emotions and, eventually, almost openly pitted staff against the top management.
The investigation showed that the dissatisfaction of the team began to increase. The employees started to write negative comments on review sites. As a result, the agitator was reprimanded, and the HR department worked with the team to restore loyalty to the company.
The last two cases are vivid illustrations of employees becoming victims of manipulation and unwitting accomplices in reputation damage.
Inadvertent insider threats are evolving in multiple directions, that’s why risk assessment shouldn’t be a one-time thing and risk management should be dynamic too. Although accidental losses due to human activities are often unanticipated, there are methods that can safeguard a company against internal incidents:
• Enable data protection: The most valuable corporate assets are the most vulnerable to both intentional and unintentional insiders. Ongoing employee monitoring will ensure intellectual property safety and confidential data protection against all categories of insiders.
• Adopt behavioural analytics: A general data safety approach including basic instruments is not enough to proactively identify a potential insider. Even a DLP system is not that powerful, so we as a risk management product developer offer automated profiling for our clients.
Understanding many kinds of human behaviour is a major advantage in creating real safeguards against insider risks. With tools for employee monitoring, data protection and user behavioural analytics, it’s possible to perform advanced protection against both inadvertent and criminal insiders.