In its 2022 Insider Risk Intelligence & Research Report, DTEX Systems, a workforce cyber intelligence and security company, identifies a new cyberthreat: the “Super Malicious Insider.”
Just what is a Super Malicious Insider and where does it come from? Well, it comes from inside your own organization or someone who recently worked for you — a threat actor who may be truly of your own making.
“It was the year (2021) we all came to realize the Work-from-Anywhere (WFA) movement was here to stay,” DETX reports. “For security and risk professionals, this hastened the end of corporate perimeter-centric security and a requirement to protect hundreds of thousands of ‘remote offices’ outside of traditional corporate controls. To make matters worse, a measurable increase in employee attrition toward the end of 2021 created the perfect storm for insider threats.”
So, if your organization didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking, DETX asserts.
The Rise of the Super Malicious Insider
The DTEX Insider Risk Intelligence and Investigations Team (i3)Team probed the complex relationship between cybersecurity technologies and programs and human behaviors across the remote work environment.
Importantly, DETX notes a key difference between “insider risk” and “insider threat.” Anyone who has access to sensitive information is an insider risk. But insider risk does not necessarily imply malicious intent. That is reserved for insider threats — those employees, vendors or partners who plan and execute actions to steal or release data or sabotage corporate systems.
Insider threats are most often financially motivated, DETX advises. These are a mix of those who want to personally profit from the sale of sensitive corporate information and IP on the black market. Thus, not every insider risk becomes an insider threat. However, every insider threat started as an insider risk.
The Super Malicious Insider is better able to hide their activities, obfuscate data and exfiltrate sensitive information without detection. Importantly, in numerous insider incidents reviewed in 2021, the Super Malicious Insider had made significant efforts to appear normal by not straying outside of their day-to-day routine, DETX reports.
Insiders Know Your Vulnerabilities and Can Exploit Them
Theft of trade secrets and source code, to collusion with a foreign adversary, captures the depth and breadth of inside threat actors, DETX explains. For example, when an employee quits to join a competitor, it is often tempting to take proprietary information with them. This can include customer lists, product plans, financial data and other IPs.
While the loss of sensitive data obviously hurts the employee’s former company, it also presents legal liability when uploaded to the new employer’s systems. In fact, DETX found that 56% of organizations surveyed had sustained potential data theft because of employees leaving or joining the company
Understanding the Cyberthreat Landscape
DETX conducted its research with the purpose of helping business leaders, cybersecurity execs, research organizations, MSSP providers and others understand the activities, behaviors and communications that employees create through unnecessary risk and threaten the security of regulated data, workforce privacy, industrial intellectual property and financial information.
Here are some key statistics from the report:
- Industrial espionage is at an all-time high. In 2021, 72% of respondents saw an increase in actionable insider threat incidents. IP or data theft led the list at 42% of incidents, followed by unauthorized or accidental disclosure (23%), sabotage (19%), fraud (%) and other (7%). In fact, 42% of all DTEX i3 investigations involved theft of IP or customer data.
- The technology industry (38%), followed by pharma/life sciences (21%), accounted for the most IP theft incidents. In addition, technology (33%) had the most super malicious incidents, followed by critical infrastructure (24%) and government (11%).
- Investigations that led to criminal prosecution occurred within someone’s home 75% of the time. More telling, 32% of malicious incident incidents included sophisticated insider techniques.