What’s the difference between a ‘Malicious Threat’ and a ‘Careless Insider’?

Published on 21 November 2017

We all fantasize about what we’ll do on our last day of work. But few of us will go as far as the Twitter customer support employee who used their last day on the job to deactivate Donald Trump’s account. As far as final working day pranks go, one that makes international headlines is hard to beat.

It’s a stark reminder that businesses often grant employees a huge amount of power and access to valuable information. Such access can easily be abused with malicious (or mischievous) intent. Or it can provide the conditions in which a careless employee can allow sensitive data to be compromised.

To truly protect themselves, businesses must understand the difference between Malicious Threats and Careless Insiders, and how to protect against both.

What is a Careless Insider?

Careless Insiders are employees who accidentally leak company data, either through some mistake on their part or because they have unknowingly had their accounts hacked.

With employees and third parties getting more and more access to company data, this is becoming a regular occurrence. For example, a lawyer for Wells Fargo accidentally leaked 1.4 gigabytes of confidential client data when sending documents for a defamation lawsuit. And prior to that, the personal information of 36,000 Boeing workers was leaked when an employee accidentally emailed a spreadsheet containing the data to his spouse.

People make mistakes. But when they have access to huge amounts of sensitive information, these mistakes can have potentially disastrous consequences.

And sometimes, as a result of poor security hygiene, employees can give hackers access to company data without even realizing it. Hackers can compromise employee accounts through social engineering, phishing, installing malware, or sometimes simply by guessing a weak password using information gathered from social media.

In these instances, fraudsters can then exploit the privileged access of the user to steal data. These privileged access accounts often sit far outside of the business itself – the infamous Target breach was initiated using the stolen credentials of a small HVAC supplier with access to Target’s systems.

What is a Malicious Threat?

Malicious Threats are employees who deliberately steal or leak company data for personal or financial gain.

Often, this involves employees making off with company data and selling it on the black market, such as when an employee of healthcare firm Bupa stole 108,000 customers’ private information and shared it with a third party. Sometimes the reasons are more personal. A disgruntled senior auditor at UK retailer Morrisons leaked the details of over 100,000 employees after he was cautioned for inappropriate use of the company’s mail room.

Sadly, the Malicious Threat trend is becoming increasingly prevalent. Recent research found that nearly a quarter (24%) of employees have intentionally misused company email accounts to leak confidential information, typically to a competitor or a new employer.

How to combat the threat

In the light of the growing danger from Malicious Threats and Careless Insiders, there are several tools businesses can use:

  • Password Management – Specially-designed software that controls access to privileged accounts, generates strong passwords, randomizes them and stores them in a password vault. This makes it more difficult for hackers to steal credentials from employees.
  • Privileged Session Management – Systems that restrict user activity to just the areas of the network they need to access, and provide audit trails of user activity in real time. This limits the type of assets that can be accessed by hackers if they compromise an employee login.
  • User Behavior Analytics – Continuously monitors user behavior (such as the rhythm of keystrokes or mouse movement) to detect anomalies in user activity. This can help identify when a hacker is logged into an employee’s privileged account and exhibiting abnormal behavior.


Find out more about how to defend against Malicious Threats and Careless Insiders by reading our free whitepaper, Understanding Privileged Identity Theft.

by Balabit

Balabit, a One Identity business, is a leading provider of Privileged Access Management (PAM) and Log Management solutions. Founded in 2000, Balabit has a proven track record of helping businesses reduce the risk of data breaches associated with privileged accounts.
