How to spot and deal with malicious insiders

Malicious insiders pose one of the biggest threats to a business. Organisations go to great lengths to protect themselves from external attacks, but often the people who can do the most damage are sitting within their office walls. Visitors, cleaners, temp staff, external IT support, delivery personnel…the threat landscape can seem overwhelming when you think about it.

Any disgruntled employee, on-site technician, or similar has the opportunity to discover vast amounts of sensitive information or vulnerabilities within the organisation that could then be exploited maliciously. It could be as simple as hacking a colleague’s email account or disclosing security flaws to third parties. If a colleague’s email account is hacked, this could then allow the hacker access to social media accounts and even shared login credentials for company social media accounts that could be compromised and used to defame or embarrass the company. It's gone from malicious to illegal in only a few clicks, and worryingly this can all be carried out from the comfort of their desk.

Mitigating the risks posed by malicious insiders is hard, but not impossible, with the simplest approaches often being the most effective.

Create robust authentication access controls

Having some identity access controls in place is better than no controls whatsoever. Too many controls and many businesses will find this difficult to manage, although some larger companies will need these extra layers of security. Ultimately, the controls you have in place have to be enough to allow individuals to do their respective work and not be so restrictive that it inhibits them from being productive.

Passwords are absolutely essential, and there is a wealth of two-factor authentication tools for your business to take advantage of. SMS authentication, physical tokens, and one-time password options can also enable your business to be better protected against malicious insiders. When rolling out such solutions, make sure not to flood your workforce with too much change too quickly.

Continuously review access privileges and processes

There's nothing worse than trying to do something necessary and being restricted from doing so because of overly stringent access policies. Find a balance and constantly review it. It might have been right at the time, but circumstances may not be the same in three or six months as the business or departmental processes change.

Be willing to adapt and find smarter ways of allowing some freedom whilst still retaining control. Some processes can be too controlling, leading to a burden that staff will actively look for ways around. There are plenty of tools available to help cut your security risks without creating unmanageable situations for staff. Ultimately, your budgets will determine what is and isn't going to be feasible to introduce.

Additionally, ensure you keep accurate access control registers and audit them. The policies in place whenever an employee moves on should take into account disabling access rights to reduce the risk of ex-employees accessing business-critical files.

Look out for disenfranchised staff

What about those inside individuals who you trust and smile at you every day but are secretly using heightened access rights for malicious or illegal reasons: the silent enemy within? This is a reality, and it means you can never protect yourself 100 per cent against ill-meaning insiders. How many server room doors are kept open around the country, with racks that are unlocked and easy to get access to? How many desktops are kept unlocked and available on employees’ desks?

That being said, there is no use heightening such situations by further alienating staff with excessive access controls or heightened scrutiny. Instead, try and spot poor relations between your staff and your company early to head off the threat from such insiders. Examine their professional situation, including workload and pressures from peers. At the end of the day, malicious insiders are motivated by self-interest or retribution. You can’t control people’s personal desires, but you can influence their relationship with your company.

While these practices will go a long way in heading off the risks posed by insiders, a lot of the time businesses end up learning about malicious insiders the hard way. Commonly, businesses implement policies to address some potential vulnerabilities or as a direct result of having been on the receiving end of an internal security incident. It's not always just about hackers anymore, but employees stealing confidential data and destroying information that is valuable to the business.

Experience shows that controls are a necessary requirement, so start to introduce them, review them, update them, and generally don't take your internal office environment for granted as a safe zone.

Oscar Arean, Technical Operations Manager at Databarracks