There are insiders who are on a mission to cause problems for a company. It could be a disgruntled current or former employee. It could be someone who gets themselves hired (or assigned as a temporary employee) to gain access for the purpose of causing problems. A motivated disrupter with appropriate access can cause tremendous damage. For example, a disrupter who is in an IT position could cause backup files to be replaced with useless files, and could then damage live files that have no usable backup. This is why monitoring software that can detect suspicious or unauthorized activities is so important.
An IP compromiser has a mission of stealing intellectual property (IP). IP can be valued at millions or even billions of dollars. Stealing software source code can jump-start a foreign competitor’s capabilities.
Like an IP compromiser, a data compromiser is up to no good. He or she wants to steal data that can either be turned into money (for example, by selling it to a credit card number distributor) or released, directly or indirectly, to embarrass a target organization.
Insiders can also be responsible for incidents without intending to do so. They can also be divided into two broad groups: victim and error maker.
A perpetrator can target an insider and induce them to take an action that helps carry out an attack, without the insider realizing that they are doing so.
Sometimes, an individual simply makes a mistake that leads to a data compromise. For example, a systems developer may inadvertently misconfigure a cloud-based storage container and leave it open to access through the internet, leading to the data stored in the digital container being compromised. Similarly, something as simple as an email sent to an incorrect address (or a fax message sent to the wrong fax number) can cause the compromise of highly sensitive information. This can be caused by accidentally entering the wrong email address, or by deliberately (but unknowingly) directing an email to an address set up by an adversary with a very similar address to that of the real organization.
It is important to point out that cyber perpetrators may also use automated tools to look for companies whose systems exhibit vulnerabilities that leave them open to attack. Thus, a company may be targeted simply because the attacker has the capability to successfully carry out an attack. These attacks use tools called scanners that, in effect, test sites for the presence of specific weaknesses that render the site vulnerable to penetration.
Source
An extract from the first edition of The Guide to Cyber Investigations. The whole publication is available at Global Investigations Review.