Employees with an axe to grind are increasingly sticking it to their current or former employers using e-tools such as cloud storage sites or remote access to a company’s computer network, the US Federal Bureau of Investigation and Homeland Security Department said on Tuesday.
Such workers are using cloud storage tools such as Dropbox to steal trade secrets or proprietary software.
Beyond that, the FBI says it’s conducting a growing number of “significant” investigations into disgruntled and/or former employees who’ve used their network access to destroy data, obtain customer information, purchase unauthorized goods and services using customer accounts, or gain a competitive edge at a new company.
In addition to cloud storage, personal email accounts are also being used to steal proprietary information.
And in many cases, the FBI has found that terminated employees installed unauthorized RDP (remote desktop protocol) software before they exited their companies, thereby ensuring that they could retain access to the businesses’ networks to carry out their crimes.
Victimized businesses report that the costs of malicious insider cyber-sabotage range from $5000 to $3 million.
It all adds up, given the value of stolen data, plus the costs of technology services, establishing network countermeasures, legal fees, loss of revenue and/or customers, and the purchase of credit monitoring services for employees and customers affected by a data breach.
It’s hard to pinpoint how much data loss can be attributed to malicious employees.
For example, a report from the threat intelligence consultancy firm Risk Based Security (RBS) found that insider threat in 2013 was much less severe than many expected, with only 9.4% of data-loss incidents caused by malicious actions from insiders and 17.1% attributed to accidents.
But that finding runs contrary to other studies.
A year ago, Forrester Research found that 25% of survey respondents said that abuse by a malicious insider was the most common way in which a breach had occurred in the previous year.
One thing seems to be certain: judging by what the agencies have reported, malicious insider threats are on the increase.
Multiple incidents have involved disgruntled or former employees who’ve attempted to extort their employer by putting a chokehold on company websites, modifying and restricting access.
In some cases, insiders have disabled content management systems or conducted distributed denial-of-service (DDoS) attacks.
How to deal with dangerous insiders
As Naked Security has advised in the past, a sound course of action in dealing with security breaches, be they from malicious insiders, insiders who make mistakes, or outsiders, is to have an incident-handling plan in place before a breach takes place, rather than after.
For example, a good incident-handling plan includes things such as the distribution of call cards, which could help in the event that normal communications are held hostage by a malicious insider who disrupts access to the LAN so that nobody can find anyone else’s phone number and email.
Knowing how to report crimes and engage law enforcement can also be important.
Naked Security has published a series of quick guides on reporting computer crimes that should help your organization find out who to contact if you need them.
There seems to be a disparity between the new study and other studies. However, not really:
The new study spoke about malicious actions being at 9.4% insider. The old studies mentioned that over half of threats came from insiders.
Those can both be true. Half of all security events are via insiders. But, only a small percentage of those are damaging.
One thing they could have done better: define the word malicious. The general usage is anything not wanted, but they seem to be using it in the sense of damaging or attempting to damage. Perhaps that’s where the disconnect occurred.