A Malicious Insider Threats occur when an insider uses their privileged access to a company’s resources and harms that organization’s data, systems, or IT infrastructure. Malicious insider events include stealing and selling intellectual property to competitors, placing back-doors into systems and networks to access after termination, disgruntled employees who destroy critical systems or block access to critical files, systems, or services. Each of these events is considered a purposeful, malicious, insider attack on a company.
A related term is the Accidental Insider Threat or Incident, in which an employee causes a security incident on accident. Accidental incidents happen many ways such as exposing a database without properly securing it, not patching critical systems that subsequently are exploited, and responding to phishing attacks from hackers by sending them critical or sensitive information.
Both malicious and accidental insider events put your business at grave risk.
What does this mean for an SMB?
As an SMB, there are some simple and easy ways to protect yourself against accidental and malicious incidents from insider:
- Implement the Principle of Least Privilege;
- Monitor systems to see where data is coming from and who is accessing it;
- Enable Data Loss Prevention technologies in your email to spot critical or sensitive data leaving your environment; and
- Train employees on the security basics including how to spot suspicious behaviors that could indicate a malicious insider.
- Develop a culture of “if you see something, say something”.