The malicious insider, a threat hiding in the shadows of the high profile cyber attacks2 min read

The threat posed by a malicious insider to organisations is not receiving the attention that it arguably deserves as the security world’s attention currently is on the high-profile attacks of late. It is, however, a very real issue that organisations are currently facing.

A malicious insider threat is a threat to an organisation that comes from people within the organisation. They might not be as common as external threats but can be more damaging as the malicious actor has easier access to confidential material and an understanding of how the company operates. Malicious insider threat comes under the umbrella of ‘insider threat’ but differentiates itself as the user is purposefully acting maliciously, therefore, is usually very damaging.

Authentication essentially is not allowing outsiders access to the system. The insider threats bypasses authentication measures as they have credentials to access the system and in most cases, has access to the sensitive information on it.

Authorisation, specifically access control, therefore, needs to be focused on to limit insider threats, essentially making sure the user that is authenticated is allowed to access the information that they are trying to access. Access control can be setup to make sure that employees only have access to information relevant to their role. Having role based access control in place will limit the information they have access to. However, for authorisation to be effective there does have to be suitable authentication in place to make sure the users are who the system thinks they are.

Access control on its own may not be effective, other technical measures like the following should also be considered:

• Enforce separation of duties, least privilege access and data classification
• Track the use of privileged accounts
• Deactivate access following termination or modify access when a role is changed (This is a key point as malicious insiders often are disgruntled ex-employees.)
• Log, monitor and audit employee network activities

Stopping insider threats is difficult but implementing the discussed measures can limit the damage a malicious user is able to cause if setup and used effectively.

Sources:

• https://www.tripwire.com/state-of-security/security-awareness/the-malicious-insider/
• https://www.observeit.com/insider-threat/