Malicious employees affect companies’ cybersecurity

Cyber ​​​​incidents Human factors are usually attributed to occasional employee error, but a more important element is often overlooked: intentional malicious behavior by staff.

This fact is confirmed by a new study by Kaspersky found that in the last two years, 67% of companies in Latin America faced cyber incidents, 10% of which were caused by intentional malicious behavior by employees.

When examining the human factor, There are various elements that can negatively affect a company’s operations, from common employee mistakes to bad budget allocation by decision makers. But one of the most important factors that is often overlooked is the malicious actions of staff.

This key discovery was made recently A Kaspersky study that shows this, in the last two years10% of companies in the region have suffered cyber incidents due to
malicious behavior for personal gain displayed by employees.

A recent case at Tesla illustrates the dangers which represent internal threats to companies. Two former Tesla employees gave the names, addresses, phone numbers and email addresses of 75,735 current and former employees to a German newspaper. Maine regulators were notified of the incident in a data breach notification on August 18, 2023. after the company found out information leaks on May 10 of the same year, by the German media Handelsblatt, and conduct an internal investigation.

Insider Threats: What You Need to Know There are two main types of insider threats: unintentional and intentional. Unintentional or accidental threats are employee mistakes, such as falling for phishing and other social engineering methods or sending information sensitive and trusting to the wrong person, etc.

In contrast, deliberate threats are made by malicious people who They intentionally hack into their employers’ systems. They usually do this for financial gain by selling sensitive data or as an act of revenge. They are intended to interrupt or stop the organization’s regular operations,
expose IT weaknesses and obtain confidential information.

Insiders with malicious intent are the most dangerous of all employees who can cause cyber incidents. The threats posed by their actions are complicated by several factors:

● They have specific knowledge about the organization’s infrastructure and processes, including an understanding of the information security tools used.

● They are already inside company network and do not have to penetrate the perimeter from the outside through identity theft, firewall attacks, etc.

● They have colleagues and friends within the organizationwhich makes it much easier for them to use social engineering.

● Employees with inside information and malicious intent They are highly motivated to harm your organization.

One of the main reasons why employees take action malicious actions towards the employer is a financial benefit. This often means stealing sensitive information with the intention of selling it to a third party: competitors, or even auctioning it off on the dark web, where cybercriminals buy data to attack companies.

When employees are fired, abusive behavior can occur for revenge. This can even happen through connections with current staff, but, in the worst case scenario, it happens if they can still log into their work account remotely because the organization didn’t remove their ability to access their systems as soon as the employee left the company.

Employees can also act maliciously when they are dissatisfied with their job or to take revenge on the employer who, for example, did not give them the expected raise or promotion.

Another interesting type of malicious activity occurs when one or more employees collaborate with an outside actor to threaten the company. organization. These incidents often involve cybercriminals recruiting employees to perform different types of attacks. There may also be instances where third parties, such as competitors or other interested parties, work with staff to obtain sensitive company information.

Malicious people can be discovered anywhere: in large or small companies, you never know. Therefore, companies must build an up-to-date, resilient and transparent IT security system that connects effective security solutions, Intelligent security protocols and training programs for IT and other personnel to protect against this threat. In addition, it is critical to implement products and solutions that protect the organization’s infrastructure. For example, our Kaspersky Endpoint Detection and Response Optimum features advanced anomaly control to help detect and prevent activity suspicious and potentially dangerous, both from a person working in the company and from actors outside the organization, says Alexey Vovk, director of information security at Kaspersky.

To fight against malicious internal threats, Kaspersky recommends:

● Implement cCyber ​​security training to raise employee awarenessprevent intentional violations of the information security policy and teach them safe behavior on the Internet.

● Invest in relevant training programs for cyber security professionals. There are online training programs that help develop simple yet effective best practices, Simple answer scenarios related to IT security to incidents for general IT administrators, while there are other alternatives that offer your security team the latest knowledge and skills in threat management and mitigation.

● They exist on the market tools that potentially help prevent activities dangerous employee actions or an alert in case an attacker has taken control of the system.

● Control and limit the use of personal devices, applications and third-party services. Kaspersky Endpoint Security for Business and Kaspersky Endpoint Security Cloud offer controls that limit the use of applications, sUnwanted websites and peripheralssignificantly reducing the risk of infection even in cases where employees use devices, applications or services not authorized by the company to transmit data.

● Implement enabling productsimpersonate administrator rights only those possibilities that are really necessary for the job.

● Kaspersky Security for Internet Gateway also has content filtering, to prevent the transmission of unwanted data, regardless of its type, platform protection status, or user behavior at endpoints within the network.