By Rick Garcia, Director of Forensics at Pathway Forensics

Surfacing in a variety of flavors, cybersecurity threats range from business email compromise (BEC) to ransomware and malware – the list of avenues into an organization’s sensitive underside is growing rapidly.

But recent breaches of private enterprises and government agencies show that the threat landscape is evolving, largely due to an uptick in breaches caused by insider threats. The amount of sensitive data that has been compromised over the last year has caused organizations to, in one way or another, halt business operations as a result of a bad egg in an organization.

Organizations are increasingly implementing collaboration strategies to make information sharing easier, recognizing that employees are the power behind any company. Unfortunately, some organizations have not put in appropriate security controls and, instead, simply trust employees to safeguard sensitive or proprietary data. This trust is frequently abused or neglected, and organizations are finding out (the hard way) that employees take more than memories with them as they plan their departure, leaving organizations open to insider threats.

What is an insider threat?

An insider threat is a malicious threat to an organization that comes from people within the organization – such as employees, former employees, contractors, or business associates – who have inside information concerning the organization's security practices, data, and computer systems.

The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.

Examples of Insider Threats
Example 1

Anthony Levandowski was an engineer at Waymo, a subsidiary of Alphabet (formerly known as Google). His role there was to accelerate the development of self-driving cars. In December 2015, he downloaded 9.7 GB of company files on his computer allowing him to “work from home”. But in January 2016, Levandowski left Google and started Otto, a self-driving trucking company that was then bought by Uber. Waymo later sued Uber for trade secret theft.

Waymo alleged in the suit, which went to trial, that Levandowski stole trade secrets, which were then used by Uber. While the case went to trial, it was settled in February 2018. Under the settlement, Uber has agreed to not incorporate Waymo’s confidential information into their hardware and software. Uber also agreed to pay a financial settlement that included 0.34% of Uber equity, per its Series G-1 round $72 billion valuation. That calculated, at the time, to approximately $244.8 million in Uber equity.

Source:Forbes article_08/27/2019

Example 2

A husband who worked in the UK’s immigration office decided the best way to stop seeing his wife again was to place her on a terror watch list. This left her stranded in her native country of Pakistan, and unable to return to British soil.

Her pleas to return to her adoptive country were ignored for three years. Up for a promotion, the tampering was discovered only when authorities ran a background check on the husband.

Sometimes the victim of an insider threat isn’t the business or organization itself, but a client or customer. article


It’s an uneasy realization for any organization to know its employees may be the weakest link in the chain. Companies must rely on several preventative measures to protect against detecting insider threats, satisfying regulatory compliance and helping investigators respond quickly to loss incidents. Establish a relationship with an expert today and discuss how to implement the necessary security controls.