Identity And Access Management
July 11, 2023
When people think about cyberattacks, most of the time they think of outside hackers or organizations that infiltrate a business’s network using the latest technology and tactics. But most don’t know that a lot of costly attacks stem from people inside your organization. These threats are often caused by ex-employees.
So, the less commonly asked questions are: how do you protect yourself from disgruntled employees? And what do you do in the event of a disgruntled employee cyberattack?
Use DOT Security’s checklist, How Covered is Your Business?, to help you measure your current cybersecurity posture and see if you have the technology and protocols necessary to stay secure against modern threats.
Security from disgruntled employees is a very real problem for businesses. Insider threats—cyberattacks executed by an employee or ex-employee who uses their authorized access to inflict harm—make up about 5% of all cyberattacks. They are relatively uncommon, but when successful they are highly damaging, because the malicious actor has intimate knowledge of the systems and databases and knows exactly where to find sensitive information they can already access without raising internal flags.
75% of insider threat attacks are caused by disgruntled employees who, after being let go or made upset, steal or destroy company data in an act of revenge or retribution. This could mean stealing company information to sell to competitors, exposing company secrets, deleting important files to disrupt operations, and more. These are just a handful of examples of disgruntled employees seeking revenge.
It’s important to note that not all insider threats are simply disgruntled employees. Negligent or careless workers who aren’t following (or are unaware of) security best practices, third-party partners who have access to your network but lack adequate security systems, and people who may sidestep security protocols in the name of convenience can all become major security vulnerabilities.
In November of 2021, a GE engineer was caught stealing over 8,000 sensitive files, including marketing data, pricing information, and other confidential documentation. They had enlisted the help of an IT administrator who used their access to obtain the files. After an 8-year period of data being slowly siphoned, an FBI investigation was initiated by GE and the criminals were caught.
Another example is a former systems administrator at a Georgia-Pacific paper mill in Port Hudson, Louisiana. This person was made redundant by the company and let go. But, using the same login credentials, he was able to access the company’s network and install new software which halted many of the industrial control systems at the mill, causing immense downtime and over $1 million in damage.
While insider threats still don’t make up a huge portion of the overall cybersecurity risk picture, they have been increasing in frequency over the last few years. With this trend, as is expected, larger organizations experience more insider threats than those operating on a smaller scale.
These examples, and the rate at which insider threats are increasing, should demonstrate the importance of knowing how to protect yourself from disgruntled employees.
Protecting yourself from insider threats conducted by disgruntled employees mostly involves having solid cybersecurity best practices and protocols in place, like off-boarding processes and consistent management of your access controls.
Having these policies in place will act as a first line of defense against potential insider threats that can emerge from unhappy or disgruntled employees.
Here are 8 quick security tips on how to protect yourself from disgruntled employees in the future.
Establish Policies for Quick Employee Off-boarding: Have a written and practiced process in place for when a person leaves the company. This entails deleting old accounts, removing authorizations, keeping track of who does what, and anything else specific to your business that needs to be done.
Frequently Review Access Controls and Employee Authorizations: As part of the recommended protocols for identity and access management, it’s key that you frequently review all given authorizations. This will not only help you keep unauthorized people out (like disgruntled employees), but it’ll also help you stay more secure by ensuring people can only access the information they need.
Change Passwords: As an extra precaution, you can choose to reset important passwords protecting key systems after a difficult departure.
Collect All Company Hardware: Make sure you get all company-owned laptops, tablets, computers, phones, and any other devices.
Notify Partners, Customers, and Employees: If you think an employee may try to steal data after they’ve left the company, it’s useful to notify any relevant parties. This way they know not to respond to any communications from that person and to keep an eye out for anything suspicious like data or information requests.
Implement Network Monitoring: If you have a baseline for what typical network activity looks like, you can more accurately and quickly pick out abnormalities that could be signs of malicious insider activity. There is software capable of automatically mapping standard baselines for the entirety of the business as well as individual users.
Educate Your Employees: Providing your employees with the resources they need to become more informed on cybersecurity best practices is a great way to protect your business. People who understand security and potential attacks are more able to identify and avoid them.
Establish a Culture of Security: Cyber threats never go away, and they seem to come from all directions these days. Businesses need to make security an everyday part of their operations so that everybody has it in the back of their minds when accessing data, sending files, building credentials, and doing anything else that could become a liability at some point.
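An off-boarding audit that combines the first two tips (quick off-boarding and regular access review), given here as an added example that is not DOT Security's own tooling: it cross-checks an HR roster against an account export and an authentication log to flag accounts still enabled after an exit, authentication attempts after the exit date, and enabled accounts with no HR owner. The CSV layouts, column names, users and groups are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample exports (hypothetical users, groups and column names).
HR_ROSTER = """user,status,end_date
alice,active,
bob,terminated,2023-06-30
carol,terminated,2023-07-05
"""
ACCOUNTS = """user,enabled,groups
alice,true,staff
bob,true,staff;ics-admins
carol,false,staff
svc-backup,true,backup-operators
"""
AUTH_LOG = """timestamp,user,result
2023-06-29T08:02:11,bob,success
2023-07-02T23:41:07,bob,success
2023-07-06T09:15:00,carol,failure
2023-07-06T10:00:00,alice,success
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit_offboarding(hr_csv, accounts_csv, auth_csv):
    """Return findings as (kind, user, detail) tuples."""
    hr = {r["user"]: r for r in rows(hr_csv)}
    findings = []
    for acct in (a for a in rows(accounts_csv) if a["enabled"] == "true"):
        record = hr.get(acct["user"])
        if record is None:  # enabled account nobody in HR accounts for
            findings.append(("no_hr_owner", acct["user"], acct["groups"]))
        elif record["status"] == "terminated":
            findings.append(("enabled_after_exit", acct["user"], acct["groups"]))
    for ev in rows(auth_csv):
        record = hr.get(ev["user"])
        if record and record["status"] == "terminated":
            # Assumption: access should end at the close of the last working day.
            cutoff = datetime.fromisoformat(record["end_date"] + "T23:59:59")
            if datetime.fromisoformat(ev["timestamp"]) > cutoff:
                findings.append(("auth_after_exit", ev["user"],
                                 f'{ev["result"]} at {ev["timestamp"]}'))
    return findings

if __name__ == "__main__":
    print(*audit_offboarding(HR_ROSTER, ACCOUNTS, AUTH_LOG), sep="\n")
```

Failed attempts after an exit are reported alongside successful ones, since they show a departed user still trying a disabled account.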
Disgruntled employees and other insider threats can be among the most dangerous threats to a business that is caught off guard and unprepared. On the other hand, with proper network monitoring, an educated workforce, and a strong off-boarding process, you can cover your bases and rest assured you’re doing everything in your power to protect your business.
Are you protected against risks from insider threats and the countless other attack vectors cybercriminals can use against you? Use our checklist, How Covered is Your Business?, to determine what security systems you need to stay protected against all modern cyber threats.