Security

The history of the insider threat: from then until now

Published on 16 February 2018

While you can do all that you can to protect your organization from outside threats, you’ll always be vulnerable to insider threats. This is because employees need to be trusted with a degree of autonomy if they’re to go about doing their job productively.

That said, insider threats are on the rise. According to research from Haystax Technology, 40% of IT professionals rate malicious insiders as the most damaging threat that their companies face, while over half (56%) say they’ve seen an increase in insider threat-related incidents in the last year.

It’s obvious that more needs to be done in order to curb the risk. But to understand how to tackle malicious insiders, it’s important to consider how they’ve developed over time.

A short history

The origins of insider threats go back decades, if not centuries. Perhaps the first instance of an insider threat can be seen in the biblical story of Adam and Eve, where a serpent (the ‘insider’) tempts the pair into taking a bite of the forbidden fruit. It’s all a bit downhill from there, really. Cases of traitors and collaborators orchestrating great downfalls from within are rife throughout human history.

Some notable examples include Robert Fortune, the Scottish Botanist who smuggled tea plants out of China on behalf of the British East India Company by disguising himself as a Chinese merchant. Or Julius and Ethel Rosenberg, who were convicted of conspiring to provide US atomic bomb secrets to the Soviet Union. Or Kim Philby, who was a double agent for the KGB while working as a high-ranking member of the British intelligence.

More recent examples include Alphabet, Google’s parent company, filing a lawsuit against a former engineer for allegedly copying 14,000 confidential files about self-driving technology and taking the information to his new employer, Uber. Or the case of a disgruntled Morrisons employee who purposely leaked payroll information. As a result, the judge on the case declared the UK supermarket “vicariously liable” for the actions of its rogue employee.

Thanks to more digital processes being embedded in organisations, and data now being a highly prized asset, the risk of everyday employees turning into insider threats is riper than ever.

Of course, insider threats can be in form of employees acting carelessly. But the examples above highlight that people can and will act with malicious intent. When personal behavioral characteristics are triggered with a stressor (such as a gambling problem or poor performance review), employees can be swayed to betray an organization’s trust. What’s important to note is that whatever the cause, and whether it’s intentional or a mistake, staff negligence can lead to potentially huge and damaging data loss.

What to do about this

While the rise in temporary and remote workers has increased third-party risk for businesses, it’s those with privileged IT access that organizations should be most worried about.

Robust security policies that limit unnecessary risk exposure can help. This can mean limiting BYOD policies only to those employees who really need it. Effective staff training programmes need to also be considered. When employees understand the reasons why they’re required to authenticate their identities and adhere to certain security processes, they are more likely to comply.

Privileged access management tools are also useful for helping IT experts keep an eye on staff. These allow businesses to monitor several data points over time, which can lead to patterns emerging. Once these patterns are established, it becomes a lot easier to flag up any unusual activity, all without having an overbearing presence.

Be it malicious or accidental, people from within your organization will always pose a risk. But placing trust in employees is essential if they’re to do their jobs. After all, it doesn’t take long for too many security checkpoints to hinder productivity and create frustrations. On the other hand, you want to protect your business from actions that could pose harm. The challenge is to find the right balance between the two.


Read our whitepaper to learn more on protecting against insider threats.

by Balabit

Balabit, a One Identity business, is a leading provider of Privileged Access Management (PAM) and Log Management solutions. Founded in 2000, Balabit has a proven track record of helping businesses reduce the risk of data breaches associated with privileged accounts.

share this article
Mitigate against privileged account risks
Get in touch

Recent Resources

The top IT Security trends to watch out for in 2018

With 2017 now done and dusted, it’s time to think ...

The key takeaways from 2017’s biggest breaches

Like many years before it, 2017 has seen a large ...

Why is IT Security winning battles, but losing the war…?

When a child goes near something hot, a parent will ...

“The [Balabit] solution’s strongest points are the privileged session management, recording and search, and applying policy filters to apps and commands typed by administrators on monitored sessions.”

– The Forrester Wave, Privileged Identity Management, Q3 2016, by Andras Cser