Insider threats

by Mark Rowe

G4S Academy International Director Noah Price explains the risks and threats employees can pose to your organisation and how to prevent them.

If asked to describe a physical security breach that can impact a company, most people would think of an external criminal intent on harming an organisation. But what if the attack comes from within? Perpetrated by someone you should be able to trust? Insider threats are a serious security risk that every business must prepare for. Failing to do so could be reputationally or financially damaging. According to G4S’s first-ever World Security Report, internal threats are expected to increase next year, with 92 per cent anticipating their company will be targeted.

What is an insider threat?

An insider threat is carried out by someone who exploits their ‘authorised’ access for ‘unauthorised’ purposes. The employee, subcontractor or someone permitted to work within your organisation can get their hands on confidential or sensitive information, data or communications. They may then hold the organisation to ransom in order to return what they have stolen, they may leak the information into the public domain, or they may choose to sell the stolen material to a third party or hostile state.

Types of insiders

Insiders who pose a threat are usually classified as a ‘knowing insider’ or an ‘unknowing insider’. A knowing insider is someone who deliberately uses their access to cause harm.

They are often motivated by financial gain. Sometimes they steal company data to gain a competitive edge for a new venture, or they may be disgruntled. Usually, they are a lone wolf who acts on their own without any other influences. For example, a system administrator or database admin may abuse their high level of privilege. They could access valuable items, sensitive information or money. This is often difficult to prevent.

The disgruntled insider is someone the company once trusted with sensitive information and access. But something happened to make this employee feel aggrieved. They want to “get even” because of unfair termination, a lack of recognition or some other slight. Or, they may be someone who suddenly finds themselves in difficult circumstances in their personal life. In this case, desperation weakens their personal resilience and leads them to commit malicious acts.

An unknowing insider is someone who may not fully understand what they are doing, or becomes an insider threat by mistake. An example could be an employee who forgets to log out of their work account on a public computer, leaving it vulnerable for others to access. Or, someone who accidentally loses a flash drive or classified papers that contain sensitive information. There have been many examples of this – most recently in the United States with both the current and former President being investigated for retaining classified documents at their homes.

It’s easier than you think to mistype an email address and send sensitive information to the wrong person. Unknowing insiders can also be unaware that they are being taken advantage of by others. They might download malware, give information to scammers or click on a link in a phishing email.

Data

Concerningly, internal threats are increasing. Some 89pc of CSOs say their company experienced some form of internal threat in the last 12 months according to the World Security Report; this is expected to increase to 92pc in the year ahead. “Misuse of company resources or data” is the most common internal threat, with 35pc having experienced this, followed closely by “leaking of sensitive information” at 34pc. This threat is expected to become the biggest internal threat in the next 12 months.

“Misuse of company resources or data” has the strongest correlation with “implementing more effective security.” This was the internal incident most likely to drive companies to improve their security in the last year. “Unauthorized access to company resources or data,” “industrial espionage” and “intellectual property theft” are all expected to increase in the next year. Perceived financial gains may entice a company employee to share confidential information in exchange for payment.

Case studies

Insider threats make headlines; news outlets regularly report on high-profile or unusual incidents, which can damage a brand’s reputation in the media and with customers and stakeholders. In October 2023, a man was seen urinating into a vat at a Tsingtao beer factory. Tsingtao’s stock price slumped 7.5pc on the Shanghai Stock Exchange over a week. The British Museum announced in August 2023 that up to 2,000 objects from its storerooms were missing, stolen or damaged. An employee was dismissed and the police are investigating.

A European news site reported in March 2024 that sensitive files of top law enforcement officials at Europol had gone missing, sparking a crisis. Politico reported that “a clutch of highly sensitive files containing the personal information of top law enforcement executives went missing last summer. They were supposed to be under lock and key, in a secure storage room deep inside Europol’s headquarters in The Hague.” An employee was also dismissed on this occasion.

How to prevent

Fostering a culture that combines security awareness with up-to-date equipment and technology is the best preventative measure. Employees should be regularly trained to identify phishing attempts and suspicious behaviour, and reminded of data security protocols. They should also have access only to the documents and areas of a building that they need.

Additionally, implementing strong access controls restricts digital and physical theft or leakage. Ideally, access controls should be enhanced with surveillance technology. When employees know the cameras are on them, it’s harder to do anything deceitful. Cameras can also help with the issue of people using each other’s access cards. The CCTV footage will show who actually entered any specific area, and exactly what they did there. CCTV will never be enough by itself, but should be part of a full security system and monitored by a well-trained team.

Further information

More on how to prevent insider threats and protect your business here: https://www.g4s.com/-/media/g4s/corporate/indexed-files/files/g4s-academy/g4s_academy_guide_insider_threat.ashx

G4S released a World Security Report, which contains data from 1,775 Chief Security Officers – including on which threats they expect to increase and decrease over the next 12 months. Visit: https://www.worldsecurityreport.com/.

See also YouTube channel video: https://www.youtube.com/watch?v=cR4AUjkqQAo.
