Insider threats are a problem for many organizations across industries. They’re incredibly difficult to detect, because ‘insiders’ are people who have legitimate access to data, systems and other company assets.
Not only are they difficult to identify and prevent, but insider threats are on the rise, with a 47% increase in the last two years, according to the 2022 Ponemon Cost of Insider Threats Global Report. With this figure constantly getting higher, what can you do to prevent your business from falling victim? Here are some examples of the most high-profile cases of insider threats, highlighting where companies have gone wrong in the past and how we can learn from them going forward.
What is an insider threat?
In simple terms, an insider threat is just that - a trusted or privileged individual who has access to sensitive business information. They’re ‘insiders’ in the sense that they can readily access data and other assets that would otherwise be highly restricted. This includes employees, but also contractors, vendors and business partners.
Any person with access to an organization’s confidential assets could compromise systems, leak information or exfiltrate data - all of which put the business at risk of an attack. Some of the ways they cause damage include:
- Data theft
- Disruptions to operations
- Financial loss
- Disclosure of trade secrets
- Damage to reputation and customer trust
Types of insider threats
There are two main types of insider threats, both of which can have severe consequences for any business.
Statistics from the same report revealed that, accounting for 62% of reported incidents and responsible for an average cost of $4.58 million per occurrence, negligent insiders are the most common of the two types.
These are individuals who inadvertently introduce security risks or weaknesses into an organization. The main cause of negligent insider threats is carelessness when professionals fail to follow cybersecurity practices or are simply unaware of the dangers their actions may create.
Examples of negligent insider threats could include an employee connecting a malware-ridden USB device to a company laptop and unintentionally infecting it, or using weak passwords which threat actors can exploit easily to gain unauthorized access to systems and networks.
Learn more: 16 Bad Password Habits (and How to Solve Them)
Malicious insider threats account for roughly 14% of all reported incidents, which might not seem too concerning, but considering the volume of cyber attacks increased by 38% in 2022, the risk is too great to ignore.
The main difference between a negligent and malicious insider threat is that the latter involves an intention to purposefully harm systems, steal information and trade secrets, breach data or complete any action that puts a business at risk of cyber attacks.
These threats are harder to predict, as they’re not simply a product of negligence. Sometimes, disgruntled ex-employees may seek revenge, or current members of staff could carry out a cyber attack under duress from hackers or competing organizations.
5 famous insider threat cases
No matter the size and stature of a business, insider threats can happen to any company, at any given time. Their nature means prevention is difficult, but not impossible. Some of the most famous cases have provided lessons to be learned from, helping you to protect your organization in the future.
1. Dallas Police Department
In a series of events throughout March and April 2021, employee negligence caused almost 23 terabytes of data loss - the equivalent of 8.7 million police files, impacting roughly 17,500 separate criminal cases. A member of staff accidentally deleted these documents, which the department had collected for evidence.
Between 2018 and 2021, the employee responsible had only received two training sessions on the storage management system used by the police department. The individual failed to make sure copies were created before deleting the files, highlighting how preventable such a disastrous loss of data could have been.
In July 2020, malicious third parties gained access to 130 high-profile Twitter accounts, each with over a million followers. They used 45 of these profiles, including Barack Obama, Apple and Elon Musk, to promote a Bitcoin scam. Consequently, users transferred the equivalent of over $180,000 to the perpetrators.
The scammers managed to achieve this by contacting Twitter employees working from home and introducing themselves as IT administrators. The real members of staff unknowingly gave their details away, which were used by the hackers to take control of administrator tools.
Had Twitter put the necessary systems in place to detect unusual activity in the administrator tools, the hackers could have been stopped before they were able to tweet scam messages from highly followed accounts.
In December 2019, 250 million Microsoft customer records were found on the internet, exposed, without any password protection. The personal information of these people, including locations and email addresses, was available to anyone who happened to stumble across it.
The shocking part of this example is that it was found to be pure negligence. The relevant employees at Microsoft simply failed to secure the information appropriately, leading to a significant breach of data protection laws.
In 2018, a disgruntled ex-employee used their inside knowledge to delete 456 virtual machines used for Cisco’s WebEx team application, locking more than 16,000 WebEx users out of their accounts for two weeks.
Cisco’s cloud infrastructure wasn’t protected with appropriate identity and access management mechanisms, a pitfall exploited by a malicious former employee looking to seek revenge. The financial damage totaled over $2.4 billion, including wasted employee time and restitution costs to WebEx users.
Apple’s iOS source code was unintentionally leaked in 2018, when an intern thought he’d share it with friends on a jailbreaking community to figure out new ways to unlock an iOS phone.
Unfortunately, and as you might have predicted, the code didn’t stay on the community forum. Instead, it was leaked to a GitHub repository, where it was copied by plenty of individuals who jumped at the opportunity. The code was quickly removed, but the damage was already done as Apple cemented its place in the history books as another business to fall victim to negligent insider threats.
Lessons learned from these famous insider threat cases
The most significant takeaway from these insider threat cases is that a reliable threat detection platform is essential for any business. Cyber attacks are only increasing in both volume and severity, which means organizations looking to avoid ending up on lists like this should take security extremely seriously.
Practical ways to prevent insider threats
For any business, the best way to prevent insider threats from becoming a serious issue is by following best practices. Three of the key measures to implement include:
- Two-factor (or multi-factor) authentication
- Comprehensive security training for employees
- Device IDs
Furthermore, many companies, including some listed above, suffered the consequences of insider threats because they failed to highlight suspicious activities. These ‘red flags’ can be caught early with tools like employee monitoring software, security information and event management (SIEM) systems and user behavior analytics (UBA).
Technologies like these can detect anomalous activities before they can develop into full-scale cyber attacks. Other things to look out for are:
- Staff regularly working out of hours
- Large volumes of data being transferred to removable drives
- Former (or current) employees berating the business on social media platforms
- Workers deliberately avoiding security measures, such as using another employee’s credentials
- Remote staff connecting from several locations
Ultimately, the more visibility an organization has, the better its position when it comes to protecting assets from exploitation. Although insider threats are growing, cyber security is evolving too and businesses will continue to learn from each other when it comes to keeping information, data and other sensitive assets away from malicious third parties.
Access the latest business knowledge in IT
Join the conversation...