Insider Threats: A Byproduct of the New Normal

As IT and security teams get accustomed to new cybersecurity tools in the age of remote working, insiders with malicious intent are exploiting fellow remote workers for access to corporate assets.

Despite continuous security improvements, concern over insider threats seems to be growing for organizations globally. The new distributed working conditions have added fuel to existing fears. Even though most organizations have stretched their security beyond the office perimeter to cover a remote workforce, the risk from intentional or unwitting insiders is still a primary security concern.

By Rudra Srinivas, Feature Writer, CISO MAG

According to the “2020 Cost of Insider Threats: Global Report,” insider threats increased by 47% from 3,200 in 2018 to 4,716 in 2020. The cost of insider threat incidents also surged by 31% from $8.76 million in 2018 to $11.45 million in 2020. Negligent employees create around 62% of security incidents, costing global organizations an average of $307,111 per incident.

Apart from regular data breaches and COVID-19-themed cyberattacks, the year 2020 also witnessed several security incidents caused by an employee’s malicious intent, negligence, or unintentional actions like responding to a phishing email with sensitive information or downloading malicious attachments.

Here are four alarming incidents of 2020 that highlight insider risks:

1. General Electric

Two employees at General Electric (GE) illicitly obtained trade secrets and intellectual property from the company’s advanced computer models. The employees also stole GE’s marketing and pricing details and misused them for their business advantage. After many years of investigation, the FBI convicted the insiders and penalized them $1.4 million in compensation to GE.

2. Twitter

In July 2020, cybercriminals obtained access to over 130 private and corporate Twitter accounts, of which attackers misused 45 to promote their Bitcoin scam. Attackers compromised the Twitter accounts of notable businesses and celebrities including Elon Musk, Bill Gates, Jeff Bezos, Apple, Uber, and other high-profile accounts. According to Twitter’s statement, attackers pilfered confidential account information by spear-phishing some of its employees. Adversaries targeted remote employees and gathered their login credentials by mimicking Twitter IT administrators. The scammers then used this information to break into administrator tools, compromised numerous accounts, changed their login credentials, and advertised their malicious schemes. The Twitter hack puts a spotlight on the dangers that insiders pose to organizations of all sizes.

3. Microsoft

A security blunder caused Microsoft’s unsecured database to expose 14 years of customer service and support data dating back to 2005, making it accessible to anyone with a web browser, with no authentication required. The exposure was discovered by security researcher Bob Diachenko, who also uncovered a total of five Elastic Servers containing 250 million records, including logs of communication between Microsoft’s support engineers and its customers.

According to Microsoft’s statement, on December 5, 2019, a change was made to the said databases’ network security group. It was later found that appropriate measures were not taken to verify the Azure security rules, and this misconfiguration led to the data exposure.
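One way to verify network security group rules after a change like the one described above, as an added example that is not from this article or from Microsoft: it walks exported rules in priority order and reports ports that any Internet source can reach. The field names assume the JSON printed by `az network nsg rule list`, port 9200 is assumed as the Elasticsearch default HTTP port, and the rule names and sample data are constructed.

```python
# Field names follow the JSON printed by `az network nsg rule list`.
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural forms Azure uses for the same field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def exposed_ports(rules, ports):
    """Map each TCP port open to any Internet source to the rule allowing it."""
    # Rules are walked lowest priority number first, as NSGs evaluate them.
    # If no rule matches, the default deny applies and the port is not reported.
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"),
                     key=lambda r: r["priority"])
    findings = {}
    for port in ports:
        for rule in inbound:
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if (rule["protocol"].lower() not in ("tcp", "*") or not _covers_port(rule, port)
                    or not any(s.lower() in ANY_SOURCE for s in sources)):
                continue  # decides nothing for an arbitrary Internet client on this port
            if rule["access"].lower() == "allow":
                findings[port] = rule["name"]
            break  # the first matching any-source rule decides the outcome
    return findings

def _rule(name, priority, access, source, ports, protocol="Tcp"):
    return {"name": name, "priority": priority, "direction": "Inbound", "access": access,
            "protocol": protocol, "sourceAddressPrefix": source, "destinationPortRanges": ports}

# Constructed sample rules, not data from the incident.
SAMPLE_RULES = [
    _rule("allow-support-vnet", 100, "Allow", "10.20.0.0/16", ["9200"]),
    _rule("temp-debug-access", 200, "Allow", "*", ["9200-9300"], protocol="*"),
    _rule("deny-internet-ssh", 300, "Deny", "Internet", ["22"]),
    _rule("allow-remote-admin", 400, "Allow", "*", ["22", "3389"]),
]
```

Running `exposed_ports(SAMPLE_RULES, [9200, 22, 3389, 5601])` after every rule change, and failing the change when the result is non-empty, turns the verification step into a gate rather than a manual review.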

4. Marriott

Global hospitality group Marriott International suffered a massive data breach that exposed the personal information of around 5.2 million guests after cybercriminals exploited a third-party application that Marriott used to provide guest services. It’s believed that the exposed data was accessed by an unknown third party using the login credentials of two employees at a group hotel, which is operated and franchised under Marriott’s brand.

In an official release, the company stated that the breach began in mid-January 2020 and was discovered at the end of February 2020. The incident exposed contact details including names, addresses, birth dates, gender, email addresses, employer name, room stay preferences, and loyalty account numbers. Marriott reported the incident to the relevant authorities for further investigation and informed those who were affected by the breach. Marriott also set up a website to help the guests impacted by the incident.

The Consequences of Insider Attacks

Insider attacks can impact an organization in a variety of ways. From high penalties to brand image damage, they deal multiple blows to companies. Some of the consequences include:

  • Loss of customers’ trust
  • Financial damage
  • Loss of intellectual property
  • Huge impact on the company’s reputation
  • Heavy fines from data regulators

Preventive Measures

Though it seems like a tough task to predict or prevent insider threats, there are certain security measures and technologies that can help in identifying them. These include:

  • Providing continuous cybersecurity training to employees of all levels in the organization.
  • Making employees aware of all kinds of phishing attacks and malicious communications from third-party vendors.
  • Securing servers and databases with up-to-date industry specifications.
  • Introducing the Zero-Trust Security model.
  • Adopting robust authentication practices like 2FA and MFA wherever possible.
  • Having an actionable patch management policy.
  • Deploying access management and user activity monitoring solutions.

In Conclusion

The consequences of insider attacks are often devastating. Almost every company is vulnerable to insider-related security incidents. However, with a dedicated security team in place and with advanced cybersecurity measures, it is possible to eliminate them. In the current scenario, just relying on 2FA is not enough. Businesses need to start a board-level conversation about real-time behavioral analysis of end-users. This way, potential malicious insiders can be traced if they know they are being tracked.

About the Author


Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.