The Malicious Insider

Do you have any employees who exhibit a sense of entitlement, show signs of job dissatisfaction, have been denied a request, think they deserve a raise or a promotion, received a bad review, are looking for a better job, or have received a job offer? Do you have any contracted personnel whose contracts are about to expire? Do you have any employees with financial problems? If the answer to any of the above is yes, then you have the potential for malicious insider cybercrime.

A study by CERT® offers the following insider cybercrime observations:

  • “Many insiders exhibited a sense of entitlement to the information they stole. Insiders generally disregarded IP agreements (44%).”
  • “Many Entitled Independents showed signs of dissatisfaction with some aspect of their job, often compensation, benefits, or promotions (39%).”
  • “Most insiders were involved with significant planning activities more than a month before resignation. (59%).”
  • “Some insiders started stealing information more than one month prior to their departure. (21%).”
  • “Most insiders stole at least some information within a month of resignation (65%).”
  • “Most insiders stole information in their area of job responsibility (74%), and many at least partially developed the information and/or product stolen (41%).”
  • “In a third of the cases (33%), the insider used the information to get a new job or to benefit his new employer in some way.”

A Ponemon report indicates that 59 percent of employees who leave, or are asked to leave, are stealing proprietary data. Crime by malicious insiders is prevalent: the “Cost of Cyber Crime Study Benchmark” for 2011 by the Ponemon Institute reports that 30% of organizations experienced cybercrime by malicious insiders. The problem may be much more widespread, given that most organizations do not wish to go public with insider breaches, and we have to assume that many knowledgeable, highly technical trusted insiders never get caught.


Whether they view it as a crime without punishment, believe they are really entitled to the information that they helped create, or think that copying data is not really a crime, malicious insiders are a very serious threat to the health of the organization. Most IT security executives rightly view malicious insiders as the most difficult cybercrime problem. After all, the trusted insider has been granted legitimate access to the intellectual property. So how do you prevent or deter them from misbehaving?

We need to change everyone’s view that it is a crime without punishment. In 40% of the incidents the individual committing the eCrime could not be identified, and in 39% there was a lack of sufficient evidence to prosecute. If an organization provides an evidentiary capability and convinces everyone that they will be conclusively identified, criminals might think twice and might get prosecuted. Positive identification is the foundation needed to change the dynamic. A conclusive A/V audit record with biometric identification of the individual, such as Sovay Authentication, is a great deterrent. Criminals do not want to get caught and are easily deterred when they believe there will be conclusive evidence of their crime.

