
Key Learnings from Real-World Insider Threats

Insider threats are a more present danger than ever before, with incidents increasing by 47% over the past two years.

Whether driven by negligence, malice, or criminal intent, the consequences can be severe. Insider threats cost organizations almost $12M last year, with the cost of a single incident ranging from $300,000 to $800,000.

More recently, the disruption caused by the coronavirus has forced organizations to rethink the way they work. The resulting mass migration to remote working, job insecurity, and more unstructured work environments have only served to increase this risk.

But while the current climate may have created fertile ground, organizations the world over have been falling victim to this increasing threat for some time. Almost 90% of businesses suffered a data breach in the past five years, with over half of those driven by insiders.

By examining these incidents, we are not looking to point the finger but rather learn lessons. The more your organization learns about the makings and the consequences of insider threats, the better you can defend it against them in the future.

Desjardins Group loses $10m

In late June 2019, the Canadian financial services company Desjardins Group, the largest group of credit unions in North America, fell victim to a large-scale malicious insider attack.

A group employee was able to steal bank customer information and pass it on to cybercriminals. The result? The loss of six million customer records and costs totaling $10.8 million. The employee in question was fired and arrested. 

Supermarket sued after data breach

One of the UK’s largest supermarkets, Morrisons, suffered a substantial data breach in 2014, involving the payroll data of 100,000 employees. The data, leaked by a senior employee, included personally identifiable information (PII) as well as bank and salary details.

To make matters worse, the company was subsequently sued by 5,000 of its employees who alleged Morrisons had failed to prevent the leak and left them exposed to potential fraud.

Twitter hacked by teenagers

In July of this year, teenage hackers coerced a Twitter employee into giving up admin credentials. The group used these admin privileges to take over several high-profile accounts, including those of Elon Musk, Barack Obama, and Jeff Bezos.

Once in control of the accounts, they tweeted a link to a "double your money" Bitcoin scam, defrauding Twitter users of hundreds of thousands of dollars.

IT employee seeks revenge

Having resigned from his role as an IT admin, a former employee at an Atlanta-based building firm set out to sabotage the company.

In an apparent protest against new management, Charles Taylor remotely logged into the company network, using encryption tools to cover his tracks. Once in, he changed passwords for routers across dozens of sites. His actions resulted in days of disruption and significant financial damage. He was found guilty and forced to pay damages of $835,000.

Negligent third party causes $1m in damages

In 2018, Singapore healthcare firm SingHealth suffered a data breach of 1.5m records, including those of the country’s Prime Minister.

The breach, which resulted in costs totaling $1 million, was found to be the result of poor system management, lack of user training, and inadequate security measures. To compound matters, the company’s IT contractor was aware of suspicious network activity but failed to flag an attack or take action.

Defending from within

As these examples make clear, insider attacks are a threat to organizations of all sizes, and across all industries. There is no single motive or method. Insider threats can be perpetrated accidentally or maliciously by a single employee or a nation-state actor.

This makes them hard to detect and even harder to deter. But while there’s no silver bullet for preventing insider threats, every example above could have been mitigated with greater security awareness training, increased visibility, and tighter controls.

Essentially, the more you understand about your organization – your data, your networks, and your people – the more equipped you are to protect them.

For more real-world examples of insider threats, and more importantly, the lessons we can learn from them, listen to our latest webinar on “The 10 Biggest and Boldest Insider Threats of 2019/2020”.

 
