The Cybersecurity Threat from Within

In the cyber security industry, it is a well-known fact that the greatest threat to corporate documents comes from the inside, because employees are given access to the internal network. This is not a new idea. You can tie this concept back to the original Trojan Horse attack, where a wooden horse full of enemy soldiers was allowed to be pulled behind the protective city walls. As the garrison went to sleep that night, the enemy came out of hiding and opened the protective gates, and the garrison was taken over through the breached wall. Cyber security professionals have learned from the past, and today the Trojan attack is something most are familiar with and routinely protect against. So hackers have changed the formula slightly. Instead of a program or device sneaking in, an intruder is now legitimately let in by the company.

Two Types of Employees That Become Intruders

Untrusted employee (UE) – This type of intruder is new to the company and may seek to access systems they are not authorized to use. The UE is easily detected with common human resource, automation security, and management protocols. Warning signs include a UE who is overly inquisitive about projects they do not have access to, routinely stays late after other employees leave, befriends those from other, more sensitive locations, or is found running scanning tools on the local network. This employee is a threat and, if left unchecked, may be able to cause a breach in the network, allowing the loss of intellectual property. All new employees should be categorized as UE for a period of time. During this time, management must take great care to ensure the UE is not working against the interests of the company. The UE as a threat is not as bad as the next type of employee.

Trusted employee (TE) – This employee can fall into two separate categories: sleeper and compromised.

The sleeper TE is someone who is willing to sacrifice a period of time to gain the trust of management and be given greater access. This may take years! If you are looking at corporate espionage, government projects can last for years. The TE can bide their time until the right moment presents itself. The TE can then quickly enact an attack that may be destructive.

The compromised employee: This is the employee who falls on hard times or has some ideological objection to what the company is doing. This employee may have no initial intent to cause harm to the company and more than likely will feel guilt or remorse for their actions. Edward Snowden is an example of this type of intruder. If management is doing their job, this type of employee is relatively easy to identify. There will be red flags that go up: excessive drinking, depression, verbal objections, political pronouncements, and lack of concentration. Managers must constantly be aware of the employees in their charge, as they are the first line of defense against the insider threat.

About the Author

Stephen Pearson
Adjunct Lecturer
Program: MS Cybersecurity

Stephen Pearson combines more than twenty-nine years of law enforcement experience with in-depth expertise in today's most pervasive Internet and computer technologies. During his tenure in federal and civilian law enforcement agencies, Stephen has been involved in all facets of computer crime investigations.