Companies are certainly having a hard time defending their privileged data from hackers and online criminals, but the risks nowadays do not come only from outsiders. According to a press release from the Department of Justice in early 2023, a senior software engineer pled guilty to stealing gigabytes of confidential data from his own employer and then posing as an anonymous attacker in an effort to extort millions of dollars in ransom.

While purportedly working to remediate the security breach, the engineer extorted the company nearly $2 million for the return of the files and the identification of a remaining vulnerability.  He then re-victimized his employer by causing the publication of misleading news articles about the company’s handling of the breach that he perpetrated, which were followed by the loss of over $4 billion in the company’s market capitalization.

Unfortunately, this is not an isolated case. Wymoo International investigators have been alerting for years of the risks associated with wrongdoing privileged insiders, who take advantage of their positions to extort, manipulate and steal money in any possible way. Data breaches have become extremely profitable, and the damages can be as serious as bankruptcy.

The following are suggestions for protecting organizations from inside criminals:

This cannot be said enough: thorough background check investigations when hiring people are essential to avoid hiring extortionists, criminals, fraudsters and scammers. The first mistake an employer can make is to welcome onboard people who have not been properly screened. Many times, the individuals who carry fraud and scam schemes have shown similar behavior in previous positions, or even have a criminal record. They have lied about their qualifications and experience and have presented fake resumes. A good hire does not become an extorter from one day to another, so chances are that a proper professional background check investigation could have avoided a criminal from being part of the company in the first place.

Companies tend to focus a lot on having the right technology to stop hackers, but they also tend to overlook people. It is way easier and more efficient to rely on human mistakes and social engineering than to hack a system, so a big part of companies’ attention should be put on the people who have access to privileged data and the policies the company has to make sure everyone knows what to do to protect the information.

Make sure your company has clear protocols and policies in place for every bit of privileged or confidential data that it holds. One of the first things that criminals do is alter logs and files to conceal their unauthorized activity within the company. Consider deterring privileged insiders by retaining logs in an immutable form, so that they cannot be modified or deleted. Ensure that the period of immutability for logs cannot be materially altered by anyone, and review logs regularly to catch significant incidents sooner rather than later.

It is also important to establish monitoring and alerts to detect unusual download activity of confidential data, or any company data. The alerts relating to a privileged user should be sent to someone outside of that user’s chain of command in case management is an accomplice, and also to avoid the alert from being ignored or overlooked between the user and management.

Finally, hire periodical employment screenings from independent investigation companies on people with privileged access to confidential information. This can help identify any changes that suggest a risk, for example big debts or expenses that might suggest in favor of enhanced monitoring. Rely on professional third-party experts to keep the insider threats away.

C. Wright

© Copyright Wymoo International.  All Rights Reserved.  This content is the property of Wymoo International, LLC and is protected by the United States of America and international copyright laws.  Wymoo® is a registered trademark.