If you were to look at a stock image of a hacker, it would show a hooded figure hunched over a desk, lost in a sea of green text and numbers flashing across the screen.
If you were to look at an actual picture of a threat actor, it might resemble Daniel from human resources – that same person who was denied a promotion after being the longest-tenured member of the department.
Although the most sensational headlines focus on ransomware, malware and fileless attacks, it’s the quieter infiltrations that wreak havoc in even the most secure companies. These are known as insider threat campaigns, and every business should know how to detect and respond to them.
The data breach enterprises never see coming
Insider threats are rogue employees with one of two goals: disrupt operations by any means possible, or steal sensitive information from databases. The term can also cover negligent end users.
It’s likely that these team members have an intimate knowledge of the organisation’s digital infrastructure. This includes the software being used on a daily basis, how to access closely monitored databases and what security measures are in place to defend against tampering.
Insider threats have been outpacing externally driven cyber-attacks over the past few years. Over half of all attacks start with employees – through either malicious intent or negligence – and this number is only creeping up, according to multiple IBM X-Force Threat Intelligence Index reports. Yet just 39 percent of companies keep a close eye on users with higher authorisation than the average employee, according to a UBM report.
Cyber-attacks conducted by employees carry an average cost of roughly $8.76 million per incident, according to the Ponemon Institute’s 2018 Global Cost of Insider Threats report. It’s a concerning discovery considering that 9 out of every 10 companies feel that the defence mechanisms they have in place to stop insider threats aren’t adequate, the CA Technologies 2018 Insider Threat report found.
Behaviour is an insider threat tell-all
Detecting and responding to insider threats relies on a combination of modern cyber security tools and improved general awareness of the entire staff. Spotting rogue behaviour early is critical in stopping the campaign before any long-lasting damage is done.
There are a number of telltale signs that an employee is either planning a hacking attempt or currently in the midst of one:
1. Denied a promotion or wage raise.
2. Exhibits anti-social behaviour.
3. Under financial duress.
4. Leaving to go to another company.
5. Gains privileges that don’t pertain to their department, or makes multiple attempts to gain access to unauthorised areas of the digital infrastructure.
6. In the office or connected to the network at odd hours.
7. Efforts to disguise activity.
8. Missing documents, blueprints or internal assets.
But malicious intent isn’t the only insider threat – negligent staff make the company just as vulnerable. There are a number of key characteristics that can be used to identify employees who pose a risk to the business through negligence:
1. Dishevelled work space.
2. Careless with sensitive corporate information.
3. Downloads risky third-party programs.
4. Doesn’t follow cyber security policies with regard to multi-factor authentication and other account protections.
5. Interacts with potential phishing campaigns from unknown external sources.
NextDLP to tackle insider threats
Insider threats are difficult to spot, even when you know all the signs to look for. Missing one cue could lead to highly sensitive information ending up in the wrong hands.
The NextDLP Managed Service from Integrity360 offers an innovative solution covering Insider Risk Management (IRM) and Data Loss Prevention (DLP) with a lightweight endpoint agent. It is cloud-managed and comes with out-of-the-box policies for risk reduction from day one.
Fully managed by Integrity360 SOC and hosted on our NextDLP Reveal MSSP cloud, this service addresses a multitude of customer challenges. Our service offers advanced insider risk management capabilities, powered by a combination of machine learning and static rules, identifying risky behaviours and taking proactive measures to mitigate threats. Get in touch to learn more.