
Malicious Insider Threats Are More Complex Than You Think

March 24, 2022

Not All Malicious Insider Threats Are The Same.


Most employees have their company’s best interests at heart when they’re going about their workday duties. Unfortunately, not all employees feel that way. Malicious insider actions were responsible for an estimated 20% of confirmed data breaches in 2022. While that may not be pleasant to think about, IT teams need to account for the risks presented by malicious insiders. However, malicious insiders aren’t always easy to find within an organization. Worse yet, some malicious insiders are in a position to do a lot more damage than others, and that damage may be harder for IT teams to spot and handle quickly, leading to disaster.




How Much of a Problem is Insider Risk for a Business? 


The choices that employees make every day have positive and negative impacts on their employers’ security. Actions by malicious insiders and mistakes by well-meaning employees are equally risky propositions for any organization. Insider risk is something that can’t be eliminated but it can be contained. That’s something every organization has to pay attention to because insider risk of all kinds is on an upward trajectory. 

This data was excerpted in part from our eBook The Guide to Reducing Insider Risk.




What is a Malicious Insider and Where Could They Be? 


A malicious insider is an employee who takes actions that cause intentional harm to their employer. They’re not just rank-and-file employees either. A malicious insider can hold any position in an organization’s hierarchy, from the front desk to the C-Suite. In fact, the farther up the food chain an employee is, the more privileges they have and the more damage they could potentially cause. In general, malicious insiders at any level can cause massive damage to a company fast. More than 60% of cyberattacks are attributed to insiders. Malicious insiders are generally judicious about their targets. After all, nobody wants to get caught. There are some commonalities in the departments that are most likely to be targets of or impacted by malicious insider activity.  

The Top Departments for Malicious Insiders to Target   

Finance 41%
Customer Success 35%
Research and Development 33%
Source: Swiss Cybersecurity Forum   



Malicious Insiders Are Tricky to Spot


Malicious insider threats aren’t a one-size-fits-all proposition, but the 2021 Verizon Data Breach Investigations Report shows what some of the most common motivators of malicious insiders are. Some insiders are motivated by money, the most common reason that an employee chooses to act against their company. An estimated 70% of malicious insider breaches are financially motivated, chiefly through employees selling credentials or access to systems and data on the dark web. Another 25% of malicious insider incidents are caused by insiders motivated by a desire to steal corporate secrets like proprietary technology, blueprints, formulas and similar things. Around 4% of malicious insider incidents are caused by angry employees who want to damage the company. They sometimes choose to do that by deploying ransomware or deleting data. Malicious insiders may also sell or provide their access to a company to groups engaged in nation-state cybercrime operations. That typically falls into the “financial motivation” category although individuals may be driven by ideological motivations as well. 

Another reason that malicious insider threats can be tricky to ferret out is that the employees involved won’t all be taking the same actions or be after the same things. Fortunately, there are some actions that malicious insiders commonly take, giving IT teams a few red flags to look for.

The Top Malicious Insider Actions   

Exfiltrating Data 62%
Privilege Misuse 19%
Data Aggregation/Snooping 9.5%
Infrastructure Sabotage 5.1%
Circumvention of IT Controls 3.8%
Account Sharing 0.6%
Source: Statista  



More Privilege = More Damage 


While every malicious insider is a dangerous security problem, it’s safe to say that the more privileges an employee has within the company’s network, the more damage they’re capable of inflicting on that company. If that employee is security savvy or intimately familiar with their company’s security structure, it can be disastrous. Those employees, or super malicious insiders, know exactly how their company looks for insider threats and exactly which indicators would tip off security staffers. They also know the capabilities of their employer’s security measures and security team. Sometimes, they even know how to manipulate or bypass automated and software-based security measures to avoid detection. The super malicious insider accounted for 32% of malicious insider incidents investigated in 2021.

That high degree of knowledge makes super malicious insiders significantly more dangerous than your average insider threat. Unfortunately, the incidence of insider threats from insiders with a great deal of knowledge of their company’s security is on the rise. Researchers in a recent study discovered a 32% increase in the use of sophisticated insider techniques. Some of those techniques include using burner email accounts, something just under half of malicious insiders did. Researchers also observed a noticeable increase in the use of OSINT practices to conceal identity. A stunning 96% of security-savvy malicious insiders made sure to avoid raising red flags by avoiding techniques known in the MITRE ATT&CK framework.




Remote Work Magnifies Insider Risk 


The rise of remote work has brought a panoply of new threats for IT professionals to handle. A report in Info Security Magazine detailed the growth of insider threats from remote workers between 2020 and 2021, and the findings are not anything IT professionals want to hear. Insider threats, both malicious and non-malicious, are on the rise in the remote work era. The overall volume of insider threats that resulted from the actions of remote workers grew by just under 45% in 2021. Associated costs for handling insider threats from remote workers jumped 34%, from $11.5 million in 2020 to $15.4 million in 2021.

Remote work is ideal for malicious insiders. It gives them more time and more opportunity to act without getting caught as well as enabling them to take malicious actions that might not be possible if they were working on site. For example, researchers noted a 200% year-over-year increase in data loss caused by insiders taking screenshots in virtual meetings. Remote work also makes it harder for companies to discover that they might have a malicious insider at work. It also leads to a longer gap between discovery and containment. In 2022, it takes an average of 85 days to contain an insider incident, up from 77 days in 2020. 




Good Digital Risk Protection Mitigates All Types of Insider Risk  


Strong security is essential for guarding against insider risk of any kind, and ID Agent can help. Schedule a demo of our digital risk protection platform today, including:

Dark Web Monitoring with Dark Web ID 

Dark Web ID – Is one of your users selling their password on the dark web right now? Don’t let cybercriminals sneak into your network to snatch your data with a compromised credential. Get the power of 24/7/365 human and machine-powered monitoring on your side for employee passwords, business and personal credentials, domains, IP addresses and email addresses.

Security Awareness Training with BullPhish ID 

BullPhish ID – Organizations that regularly conduct security awareness training have up to 70% fewer cybersecurity incidents. Educate staffers on how to spot threats and reinforce good security behavior with training in phishing, ransomware, nation-state threats, password safety and a variety of compliance topics with 4 new videos added per month! 

Don’t just take our word for it, see what these MSPs have to say: https://www.idagent.com/case-studies/ 

