What exactly are Insider Threats?
An insider threat is a perceived threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.
Think of it like this: say an organisation has a super secure facility with huge perimeter walls, barbed wire and cameras everywhere, where every door requires authentication, literally like a military base. None of that matters if someone on the inside simply opens the door and gives an outsider access to everything in that building.
I have been reading about Insider Threats recently. I completely believe that humans are the weakest link in an organisation. Even if your network is completely secure and you follow all security practices, you can’t really do anything if someone from inside goes rogue.
Companies need to invest in their “Layer 8”. There have been many cases where employees have leaked confidential data just because they were unhappy with their job. It is harder to convince a happy person to commit treason against their company than a person who is not happy with their job.
And it’s not just unhappy employees who can be convinced to leak critical data; sophisticated social engineering methods can be used to extract information from anyone. Humans are highly emotional beings and can be manipulated easily. That’s why training and awareness about such attack vectors are very important. In one such case, the attackers developed an online friendship with an employee of a company and remained their friend for more than a year. Employees can also be convinced to pass on information if they are facing a financial crisis and desperately need money. That’s why it is also important for companies to pay their employees adequately.
That brings me to my point on why Indian companies are more vulnerable to insider threats. Over the last few decades, India has become an IT hub. A lot of companies outsource various tasks to Indian companies. These companies make their employees work very long shifts, and support staff, L1 techs etc. are paid very low salaries. The low cost of hiring IT professionals in India makes it attractive for organizations to outsource their IT functions to India. However, this can also increase the risk of insider threats, as employees may be tempted to steal data or commit other malicious acts in order to make money.
And many Indian businesses are not aware of the risks posed by insider threats.
Companies are making working from the office mandatory in order to keep an eye on their employees. This is not the proper way to approach the problem. It will just increase mistrust and unhappiness among employees.
There have been cases of companies using absurd methods and micromanagement to control and monitor what employees are doing during WFH, or even spying on them through their webcams:
So how can this vulnerability be mitigated?
I am just sharing my thoughts; I don’t have any actual experience regarding any of this. But I think that the first thing is to make sure that employees are happy with their jobs and are paid well.
The second thing is to make sure everyone in the organisation is aware of social engineering attacks and insider threats. And there should be proper security controls governing who can access critical data. For instance, someone in marketing shouldn’t be able to access the company’s intellectual property, right?
Anyways, thank you for reading! This was just me randomly expressing my thoughts.