It’s shocking how much damage a single employee can cause. We often hear about rogue employees stealing data and threatening a company’s safety, but the huge cost to the organization in terms of lost customers is often neglected. Information leakage harms a company’s reputation and leads to major loss of customers’ trust. If a customer feels their personal data is at risk with you, they will go elsewhere.
In 2019, 250 million customer-service entries were leaked from a company. This represented over a decade of information and included customers’ emails, IP addresses, and geographical locations. The incident was detected by a security researcher almost a month after it happened, making it difficult to trace all the leaked information. This severe breach left the company open to scams and phishing attacks. What’s more, all this damage was done by a single employee.
Let’s look at another example. An employee of a UK healthcare giant gained access to customer information, deleted it from the system, and tried to sell it on the dark web. This incident cost the company almost £175,000 in fines and leaked the personally identifiable information of nearly half a million customers. Of course, this put a huge dent in the company’s reputation, but the real issue at stake is the number of customers they would have lost as a result of this breach. Would you, as a customer, still trust a company after such a setback?
With more than half of security incidents being an ‘inside job’, it’s evident that companies are missing a piece of the puzzle.
Insider threats can also come from ex-employees. In 2020, someone accessed information from a former employer without authorization, installing malware that erased over 16,000 user accounts and caused 2.4 million dollars in damage.
In a different case, an employee looking to set up a rival company leaked more than 8,000 sensitive files over eight years. An IT administrator assisted the leak by giving unauthorized access to the employee who leaked the files.
All these examples are lacking some vital information. People are complex; each employee will have had their reasons for carrying out the breach. We don’t know their intentions, or what their work environment was like. Were they being pressured or bullied at work? Were they in a financial crisis? When did the employee start acting out of character? Were there any warning signs of what they were going to do?
People are predictable. We act in a similar manner in specific situations. If you know how your employees usually act and understand how people behave under stress or when they’re planning something underhand, you will have a good chance of detecting a potential breach before it occurs. Add this knowledge and some regular checks to a positive work environment, and you’ve got the secret recipe for a process to minimize insider risks.