
Types of Cyber Attacks: The Insider Threat

This article is part of a series about different types of cyber attacks. The series can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as part of the Information & Cyber Security Best Practice Area. Each article discusses a different type of cyber attack, with guidance and steps to try to minimise the risk.

The Cybersecurity and Infrastructure Security Agency (CISA) defines insider threat as the threat that an insider will use their authorised access, intentionally or unintentionally, to do harm to the organisation's mission, resources, personnel, information, equipment, networks or systems. This can include theft of or unauthorised access to sensitive data, installing malware or other malicious software, or disrupting normal operations.

Insiders are people who have authorised and legitimate access to a company's assets and abuse it, either deliberately or accidentally.

There are three insider threat sources:

  1. Negligent or inadvertent users
  2. Criminal or malicious insiders
  3. Attackers that stole user credentials

How might an insider threat attack happen?

  • People rushing to finish a task or project who have access to sensitive data or admin rights can cut corners.
  • Remote working opens the organisation to personal devices being used and data inadvertently being downloaded.
  • People losing devices or having devices stolen.
  • Clicking on a phishing email.
  • Not installing regular updates.
  • Installing non-organisation approved software which has malware.
  • Leaving devices open to physical attack: a server that is not in a locked cupboard or room is open to accidental spillages, USB devices being plugged in, or all the organisation's systems being turned off by someone pressing the power button.
  • Lack of IT expertise in the organisation could mean that someone unwittingly fails to put all the appropriate system controls in place.
  • Deliberate sabotage.

How can you reduce the risk of a cyber attack?

Remember: insiders don't act maliciously most of the time - a cyber attack is sometimes caused by a disgruntled employee, but mostly it happens by accident or through negligence.

The role of cyber negligence in insider threats

What to do in the event of a cyber attack?

Tell someone! Report to IT. Report to SLT.

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack, we would recommend reporting this to Action Fraud as well as to your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.

Isolate the infected device and pass it to IT.

Always ensure there are backups you can restore from.

Little Guide to ACTION FRAUD