An Insider threat is an deliberate or accidental threat to an organisation’s security from someone who has authorised access, such as an employee.
Now, this is often in the form of a disgruntled fired employee who wants to get back at their former company. However, some insider threats come from those who are still working at the company who may be part of an organised crime network or an individual looking to harm the company through fraud, IT sabotage, intellectual property theft or espionage.
The accidental threat comes from employees who unintentionally expose confidential data through factors like weak passwords, poor cyber hygiene or sending a mass email with everyone's emails in the "To" field instead of the "Bcc" for example.
Whether their deliberate or accidental, insider threat contribute to a significant number of data beaches every year.
According to ,Digital Guardian, 68% of data breaches were as a result of insider threat.
In many cases breaches from former employees stem from an organisational failure to identify a change in employee status at the point the employee leaves the company – a classic disconnect between HR and the IT companies that are responsible for data security.
Some companies are more vulnerable to this than others – it often occurs where there are high turnovers of staff or where the HR function is outsourced. which is why IT and HR policies and procedures are key to help companies combat the threat and make it more difficult for Insiders to operate.
In June 2019 Lauran Arafat started work as a receptionist at a local spa in Yorkshire. But she had only worked for the business for two days before she was fired.
Within hours of leaving the company she accessed the company database remotely, using her iPhone to pretend to be another employee, and cancelled over two hundred appointments.
Staff tried for weeks to try and keep the business going but ultimately the business collapsed, and all the staff involved were made redundant.
The former owner stated,
‘We tried everything at a personal financial cost to stay afloat, but it was a perfect storm forcing the business into insolvency and ultimately completely destroying the reputation, future plans and possibilities,’ she said. She went onto say ‘We were served notice from our location. Absolute devastation ensued. The embarrassment and humiliation was unbearable.’
Arafat was arrested in January 2021 and following a court hearing at Leeds Crown Court she was made subject to a two-year community order and was told she must carry out 250 hours unpaid work and 15 days rehabilitation activity.
Former spa director Mrs Pearce said following the sentencing: ‘The last three years have been incredibly challenging and isolating with the case going from a civil matter to the Crown Court.
‘I truly hope, that if anything, the sentence issued demonstrates the severity and impact of this individual’s conduct and that it vindicates me. I will continue to use my experience to help others in the future.’
The impact of this insider attack is clear to see – both economically and personally. And it was able to occur simply because the company did not enact simple security protocols when staff left the business.
The least we can do is ensure that the same does not happen to our own businesses.
Threats like these are amongst the most difficult to guard against however there are some key considerations for companies.
Further guidance & support
You can contact the Cyber Resilience Centre for guidance and support through our e-mail ,enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.
We recommend that all businesses in the Eastern region consider joining our community as a ,free core member. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
Reporting a live cyber-attack 24/7
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which isn't ongoing
Please report online to ,Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).
Click to Open Code Editor