The Insider Threat – Part 2

The insider threat, the computer or network attack originating from inside our own network, is the hardest to defend against.  In our last post we took a look at the disgruntled employee and the embezzler.  Today we will review insider-based sabotage and corporate espionage.

Sabotage – Sometimes a disgruntled employee will take out their frustrations by orchestrating a little sabotage.  Perhaps they have been passed over for a promotion.  Or consider the departing employee.  A recent Forbes article indicated that half of US employees are looking for a new job.  Many times a departing employee may take a swing at their employer through a bit of sabotage.  The usual motive is revenge.  Sabotage can take many forms.

  • Reputational damage – Sometimes this is nothing more than bad-mouthing on social media, but negative comments on sites such as can make recruitment more difficult.  But sometimes these posts can lead to investigations by government agencies, or cause problems with customers.
  • Confidentiality – Employees often have access to protected personal information, client information, or corporate inside information that would cause problems if it were released to the public.
  • Attacks on processes or systems – Sabotaging operations through destruction of processes or systems can cause huge financial damages to a company.  Employees with insight and access should be given only the privileges they need to do their job.

Ways to guard against this threat can include the implementation of a data loss prevention system, or watching network traffic and system logs for unusual access attempts, excessive file copying or file deletion.  Your HR department can reduce the risk of employee sabotage.  Having a strong exit procedure that is coordinated between HR and IT is important.  This ensures that terminated employees' access rights and passwords are disabled upon leaving the company.

Corporate espionage – While corporate espionage is similar in many ways to sabotage, the usual motivation is financial.  In some cases an employee may be approached by someone posing as a potential new customer.  Or they may receive an offer that is too good to refuse from a prospective new employer.  Sometimes it is the theft of a client database by a departing sales representative.

Corporate espionage usually involves the collection of information such as customer data, financial information, trade secrets, business plans, or marketing information.  Sometimes this threat is orchestrated by a foreign nation-state.

Industrial espionage can be hard to prove, and so it is hard to hold the perpetrators accountable, especially if they are foreign nationals with governmental protection.

Again, ways to guard against this threat can include the implementation of a data loss prevention system, or watching network traffic and system logs for unusual access attempts, excessive file copying or file deletion.  Employees who are having financial problems can present a greater risk for financially rewarded thefts of information.  Employers usually engage in background checks when hiring, but never follow up with additional background checks for current employees.
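The log review recommended here and in the sabotage section, together with the HR/IT exit coordination, as an added example that is not part of the original post: it flags any activity by an account after its HR exit time and any user-day with unusually heavy file copying or deletion. The log format, user names, paths and thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample data (hypothetical users, paths and log format).
TERMINATED = {"dpark": datetime(2024, 3, 1, 17, 0)}  # HR roster: user -> exit time
LOG = """\
2024-03-01T09:02:00 asmith copy /sales/q1.xlsx
2024-03-01T09:40:00 asmith delete /sales/tmp.txt
2024-03-01T10:00:00 bjones copy /hr/forms.doc
2024-03-01T11:15:00 dpark copy /sales/notes.txt
2024-03-02T09:30:00 bjones copy /hr/policy.doc
2024-03-02T23:01:00 cwu copy /eng/design-1.pdf
2024-03-02T23:02:00 cwu copy /eng/design-2.pdf
2024-03-02T23:03:00 cwu copy /eng/design-3.pdf
2024-03-02T23:04:00 cwu delete /eng/design-1.pdf
2024-03-02T23:05:00 cwu copy /eng/plans.xlsx
2024-03-02T23:06:00 cwu delete /eng/plans.xlsx
2024-03-04T22:10:00 dpark copy /sales/clients.db
"""

def parse(log):
    """Yield (timestamp, user, action, path) from space-separated audit lines."""
    for line in log.splitlines():
        ts, user, action, path = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), user, action, path

def post_exit_activity(events, terminated):
    """Events by an account after its HR exit time: the account was not disabled."""
    return [(ts, user, action, path) for ts, user, action, path in events
            if user in terminated and ts > terminated[user]]

def bulk_file_activity(events, factor=3, min_events=5):
    """User-days whose copy/delete count is >= min_events and > factor x the median."""
    per_day = Counter((user, ts.date()) for ts, user, action, _ in events
                      if action in ("copy", "delete"))
    baseline = median(per_day.values())
    return sorted((user, str(day), n) for (user, day), n in per_day.items()
                  if n >= min_events and n > factor * baseline)

def review(log=LOG, terminated=TERMINATED):
    events = list(parse(log))
    return {"post_exit": post_exit_activity(events, terminated),
            "bulk": bulk_file_activity(events)}

if __name__ == "__main__":
    for kind, hits in review().items():
        print(kind, hits)
```

A hit is a prompt for HR and IT to look closer, not proof of intent; the thresholds need tuning against what is normal for each role.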

My take specifically on the issues of embezzlement, disgruntled employees, sabotage, and espionage, from a cybersecurity viewpoint, is this.  These are all issues that you can’t detect with a security appliance, or see crossing the network.  They might show up in access logs, but maybe not.

These issues are a matter of human intention, which can be a lot tougher to spot than a network attack, a phishing email, or malware.  There is no detection software for human intention, for sussing out our emotional state, for delving into the mind to discover what our thoughts and plans are.

Preventing, or at least minimizing, the damage caused by these insider threats requires vigilance, a certain amount of paranoia, and a regular application of activities such as auditing, separation of duties, job rotation, required vacations, reducing unapproved overtime, and unapproved work from home.  A program of ongoing background checks might help find any employee with gambling debts or a drug addiction problem that might be a motive for theft of company assets.  An HR department where employees can bring their problems or concerns for resolution might be helpful in mitigating these insider threats.

When considering the insider threats that we need to defend against, it is important to remember these additional four:  the disgruntled employee, embezzlement, sabotage, and espionage.  It would be prudent to review your security practices and policies to make sure you have addressed these threats.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an information technology and cybersecurity instructor for several training and certification organizations. Bob has worked in corporate, military, government, and workforce development training environments. Bob is a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at