An insider threat is a cyber security risk introduced by an individual with legitimate access to an organization’s networks, systems and data. These threats are a real nightmare for organizations across industries. Why? The answer is simple, they’re so hard to detect, and often detected very late.
Whether the insider threat was malicious or unintentional, the end result is a compromised confidentiality of an organization’s systems and data.
Here are 5 real examples of insider threats you should learn about!
A former employee of a medical device packaging company who was let go in early March 2020, had compromised his ex-employer’s data. By the end of March – and after he was given his final paycheck – Christopher Dobbins used two fake user accounts that he had previously created, to then edit and delete nearly 120,000 records. His actions caused more than $200,000 in damage and delayed the shipment of personal protective equipment (“PPE”) during the COVID-19 pandemic.
In 2017, an employee at Bupa Insurance Services, stole 547,000 customer records. He copied and then deleted the data through the company’s customer relationship management system. In 2018 after an investigation by the ICO, Bupa was fined £175,000.
An employee at General Electric multinational company, had stolen more than 8,000 sensitive and confidential files in a breach that lasted more than eight years. This employee is an engineer at the firm, who had persuaded an IT administrator to grant him access to sensitive information. He stole the files with the intention of starting a rival company.
Departing and ex-employees can be a serious insider threat even at big companies like Uber and Google.
Back in 2016, Anthony Levandowski, a former Google employee, downloaded thousands of company files onto his personal laptop.
The files he stole were related to Google’s self-driving car program, known then as Project Chauffeur, on which he worked from 2009 to 2016. The theft would’ve given him a leg up in his new job at Uber, and may have cost Google up to $1,500,000.
McAfee, a world leader in data loss security, has lost extensive data due to an insider threat in 2019.
Three ex-employees, who decided to join a rival company, Tanium, stole trade secrets on their way out the door. This insider threat was discovered by McAfee months later, which gave the employees potentially plenty of time to use the stolen information. The three employees have moved confidential information about McAfee’s sales tactics, customer lists and pricing data to private USB devices and email addresses.
Want to learn how to bypass internal data breaches!