When a Trusted Employee Becomes Your Biggest Liability
In our era of Internet technologies, where information travels with a “faster than the speed of light” immediacy, every single one of us has the potential to cause harm. Whether driven by money, intentional sabotage, the need for notoriety or justice, or sheer incompetence, the Internet gives everyone an opportunity to corrupt systems, leak confidential and juicy information, and take entire organizations down. In cybersecurity, we call this type of threat “Insider Threat”. Have you been affected by this type of threat?
The Incompetent Employee
Given a little too much authority and a little too much access to sensitive systems, they accidentally type in the wrong series of network commands, and cause lengthy outages across critical web applications. Globally. Think this can’t really happen? Think again.
Source: Wikipedia. https://en.wikipedia.org/wiki/2021_Facebook_outage
The Negligent Employee
Not caring to double-check their work before releasing it into the live system, this employee makes a series of “rule” changes to their customer support database. It’s Friday afternoon. They sign out of work for the weekend and come Monday, have forgotten all about what they did Friday. The database, containing more than 250 million customer records, remains accessible for more than a month to EVERYONE who has access to the Internet.
Source: Microsoft. https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/
The Vindictive Employee
They deserve a bonus and raise - they have written much of the code behind the company’s main business app. The company is doing so well, they want their piece of the pie. Turns out, they do not get the raise. In retaliation, they add several lines of bad code into the business app system making it completely unusable, and furthermore leak intellectual property to the competitor. Fact or fiction?
Source: CNN business. https://money.cnn.com/2018/06/19/technology/tesla-fire-musk-note/index.html
Source: Yahoo news. https://news.yahoo.com/tesla-drivers-left-unable-start-045725025.html
They work for one of the largest employers in the world, and have access to highly restricted databases filled with confidential information. In their heart, they feel that some of the information contained in the database need not be secret anymore - their employer is involved in wrongdoing! In their mind, they feel they must do something. In their pockets, they feel they deserve a reward for their righteousness. They leak their employer’s confidential documents to the World Wide Web with just a few clicks of a button.
Source: wikipedia. https://en.wikipedia.org/wiki/Chelsea_Manning. See also Wikileaks, Julian Assange.
The Incompetent, Negligent, Vindictive, Greedy, Ego-Driven Employee
This type of “Insider” encompasses all the archetypes and poses the biggest threat to an organization’s stability. We all know one, don’t we?