Employee IT sabotage is essentially an insider threat in which employees (former and current) misuse or exceed their authorized level of access to data, PCs, or networks with the intention of harming the organization and its daily business operations.
Don't think this could affect you? The State of Data Security and Privacy report reveals that insider threats are emerging as the main cause of data breaches. Its research results indicate that around 36 percent of breaches stem from employee misuse of data.
25 percent of the survey respondents, including SMB and enterprise companies with two or more personnel, said that malicious insider abuse is the most common reason for a breach. Going further, rogue employees aren't committing the deed alone; they're increasingly cooperating with cyber criminals to carry out harmful operations.
The nature of sabotage is also becoming more sophisticated, evolving from simply copying or deleting a database to injecting advanced malware that collects sensitive information about a company. The aim behind these acts of sabotage is shifting from financial theft to the collection of intellectual property. Specifically, insider threats now attempt to steal both financial credentials and sensitive corporate data.
It is clear that this is a big deal.
Security strategies for overcoming employee sabotage
As insider threats are increasing and constantly evolving, companies need to start factoring these threats into their security practices. The following strategies can help prevent and mitigate IT sabotage within your company:
Define and verify privileges
Scrutinize the level of access employees have to company data, and objectively evaluate whether that level of permissions is appropriate. Also ensure that the list of people who have access to sensitive company data is as short as possible.
While it is good to trust your employees, monitor what they are doing, from account permissions to application workflow. Monitor all such activity and have controls in place for detecting and escalating exceptions. Establishing baselines for user behavior, human access to data, and application access also works well, as it lets you detect unusual activity.
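One way to turn the baseline idea above into a check is sketched below. It is an added example and not part of the original article. The event layout `(day, user, resource, records_read)`, the account names, and the thresholds `k` and `min_std` are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def daily_totals(events):
    """Sum records read per (user, day)."""
    totals = defaultdict(int)
    for day, user, _resource, count in events:
        totals[(user, day)] += count
    return totals

def build_baseline(events):
    """Per user: resources normally touched and mean/stddev of daily volume."""
    resources, volumes = defaultdict(set), defaultdict(list)
    for _day, user, resource, _count in events:
        resources[user].add(resource)
    for (user, _day), total in daily_totals(events).items():
        volumes[user].append(total)
    return {u: {"resources": resources[u], "mean": mean(volumes[u]),
                "std": pstdev(volumes[u])} for u in resources}

def find_exceptions(baseline, events, k=3.0, min_std=10.0):
    """Return sorted (day, user, reason) tuples that should be escalated."""
    alerts = set()
    for day, user, resource, _count in events:
        if user not in baseline:
            alerts.add((day, user, "no baseline for account"))
        elif resource not in baseline[user]["resources"]:
            alerts.add((day, user, f"first access to {resource}"))
    for (user, day), total in daily_totals(events).items():
        if user in baseline:
            # min_std stops a very steady user from alerting on tiny changes.
            limit = baseline[user]["mean"] + k * max(baseline[user]["std"], min_std)
            if total > limit:
                alerts.add((day, user, f"volume {total} exceeds limit {limit:.0f}"))
    return sorted(alerts)

# Constructed sample events (assumed layout): (day, user, resource, records_read).
HISTORY = [
    ("2024-03-01", "alice", "crm", 120), ("2024-03-02", "alice", "crm", 100),
    ("2024-03-03", "alice", "crm", 110), ("2024-03-01", "bob", "payroll", 40),
    ("2024-03-02", "bob", "payroll", 50), ("2024-03-03", "bob", "payroll", 45),
]
NEW_EVENTS = [
    ("2024-03-04", "alice", "crm", 115), ("2024-03-04", "bob", "payroll", 48),
    ("2024-03-04", "bob", "source-repo", 5), ("2024-03-05", "alice", "crm", 4000),
    ("2024-03-05", "svc-temp", "crm", 10),
]
ALERTS = find_exceptions(build_baseline(HISTORY), NEW_EVENTS)
```

Normal activity (alice reading 115 CRM records, bob reading payroll) produces no alert; the three exceptions are a first-time access to a new resource, a bulk read far above the user's usual volume, and an account with no history at all.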
Have recovery in place
Monitoring employee privileges and activity can pick up risky intentions toward your company's IT infrastructure, for example by raising alerts when employees use vulnerability assessment tools or software in suspicious ways. Even so, it is always good to have recovery measures in place, because it takes time to get from detecting a security adversary to stopping them.
Implementing a disaster recovery solution helps ensure your business operates with minimum interruption. The goal is to set up a plan under which you can continue operations after unexpected events such as employee sabotage. Businesses using the cloud can also take advantage of data recovery for mission-critical applications and data without any additional hardware investment.
Clear change procedures
There should be clear change procedures for your system and access passwords, so that no employee can access data or make changes after leaving the company. If former employees do need access, they can be granted compartmentalized access that is overseen by trusted IT security members in your organization.
This protocol is effective in ensuring the work of ex-employees is kept separate from the production environment. It may slow down some processes, but it is an effective way to keep control over system security. Don't assume that your current employees are the only possible cause of a sabotage event.