MODULE 6 – Insider Threats

Insider threats are people with authorized access to a company’s resources, non-public data, or internal computer networks, who intentionally or unintentionally use that access to harm the company.  An insider threat does NOT have to be a direct hire employee!  It could be a worker, contractor, supplier, or any individual with privileged or non-public access to a company.

Insider threats come in two types: intentional and unintentional. Unintentional ones let slip confidential data in any of the many ways you’ve just learned about: phishing; using weak passwords at work; losing company devices.  Employees or interns who are looking to make a big splash at their NEXT job by taking information from their current job are types of insider threats.  They don’t understand that all the data on their employer’s computer belongs to the company.  It’s usually easier for hackers to go after files on someone’s personal laptop or phone than a secure corporate network.  They didn’t mean to do any of those things, but they’re still insider threats.

Intentional insider threats are largely motivated by same four things that we covered earlier – money, ideology, compromise, or ego.

There isn’t much in the way to stop a committed insider.  A company’s best assets leave the building every night.  Are they going home happy?


Insider Threat

  1. Definition: Someone with authorized access to a company’s internal system who intentionally or unintentionally uses that access to harm the company. Does not have to be a direct hire employee!  Could be a worker, contractor, or any individual with non-public access to a company.
  2. Significant percentage of attacks on companies are from insiders.
    1. Once again, companies are focused on solving the technical problem while ignoring the human behind the technical problem.
  3. Two kinds of insider threat – Intentional and Unintentional
    1. Intentional insider threats
      1. Motivated by the same things under MICE. Add to that Revenge: Didn’t get a promotion. Got fired. Ideas weren’t accepted at work.
      2. Sometimes they quit and attack the company with their insider info. Sometimes they do it in place

        Unintentional insider threat

        1. People who don’t mean harm but don’t follow the rules.
        2. Employees who take company data with them; maybe for professional development, maybe for use in future jobs (competitors). Often employees who are new to the professional workplace. They don’t understand that just because they have access to data they don’t get to take the data without company permission. Not properly securing data makes employees unwitting threats.
  1. The hardest threat to deal with because:
  2. People are companies’ best assets – and they walk out the door every day.
  3. Hard to track knowledge that everyone has.
  4. Employees can typically take info out with them without the data transfer being tracked.
  5. Typically, only large or specialty companies have solid data compartmentalization programs.
  6. Where is the line between an employee discussing certain matters and crossing the line into giving something away that’s not authorized? Not always clear.
  7. Some insider threats are not with malicious intent – most hacks are inadvertently enabled by unwitting employees
  8. Solutions
    1. Be aware of baselines of colleagues: Extroverts who suddenly become introverted and secretive about work they used to discuss freely; introverts who withdraw from workplace interaction even more; employees who begin downloading large amounts of data from corporate systems when they previously hadn’t;
    2. Recognize signs of possible intentional insider threat action:
      1. Excessive questions about restricted corporate information
      2. Interest in sensitive corporate programs or data that are not connected to their work
  • Unusual patterns of copying data from online systems; excessive or unusual use of USB thumb drives to transfer data
  1. Sudden appearance of unexplained wealth
  2. Noticeable negative change in attitude about the company, specific managers, or new policies.