Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cyber security at risk or spill data.
There are many reasons an insider can be or become malicious including revenge, coercion, ideology, ego or seeking financial gain through intellectual property theft or espionage. They could:
- impact external sites, creating public damage to your brand
- prevent your systems from functioning properly
- steal or sell business trade secrets or intellectual property (IP)
- install malware for their own purposes
Cyber adversaries can use employees whose trust they have gained to access your business systems and accounts. Employees could provide information to a malicious insider unknowingly, or mention sensitive details in trust.
GuardWare INSIGHT Cyber Awareness’s focus is about detecting and educating users as and when they perform risky action. Its aim is to not educate users on a perceived threat but actively detect and educate as when they perform human error or risky activities. Below are some examples of these actions:
- User mistakes – like using unauthorised or risky apps and means to transfer data
- Emailing sensitive data to wrong or risky locations
- Using unencrypted USBs to carry sensitive data
- Sharing sensitive data using anonymous links without any password or security
- Submitting company data to risky / non-company websites