Please fill in the form below to subscribe to our blog

Are You Safe From Malicious Insider Threats by Remote Workers?

May 28, 2021

Malicious Insider Threats by Remote Workers Should Be On Your Radar


As many organizations begin resuming normal, in-office operations, they’re making decisions about what the future of work will look like – and for many companies, the future of work is hybrid. Remaining ready for remote work is a popular option for both companies and employees. Many organizations learned a tough lesson about remote work last year as lockdowns shifted everyone home.

Businesses that had previously discouraged remote work discovered that their rigidity was a massive detriment, preventing them from adapting quickly to new circumstances. Companies that already had remote or hybrid schedules were prepared to rapidly pivot to all remote operations and they profited handsomely from that flexibility. Offering remote and hybrid work options is also a popular perk for employees who discovered that eliminating commutes allowed them to be more productive and less stressed. Gartner reports that 85% of company leaders say that they plan to allow employees to continue remote or hybrid work going forward. But flexible schedules and locations also bring risks of their own to the table, like an increased risk of malicious insider threats by remote workers.


Which of your vendors will cause your next cyberattack? Read our new eBook to learn how to spot and stop third party risk. GET THIS BOOK >>


Malicious Insider Threats By Remote Workers Are All Too Common


The Verizon Data Breach Investigations Report 2021 (DBIR) is a goldmine of data that breaks down all kinds of data breach risks including an in-depth analysis of data breaches that are directly caused by employee actions. The study noted that insider threat risks rose about 40% in 2020, tripling in the last three years. The majority of those insider threats are non-malicious, accidental flubs. As long as there are humans accessing systems and data there will be human error, and it continues to dominate as the top cause of a data breach. The stars in this category are what you’d expect: all-time reigning champion misdelivery (like sending someone the wrong data), followed by that old favorite misconfiguration (making errors when setting up a database). Distantly behind them are blunders like publishing errors, programming mistakes and loss of devices containing secure data or credentials. Almost three-quarters of breaches caused by insider actions were the result of these common, simple errors.

Unfortunately, that leaves a quarter of data breaches caused by insiders to examine, and those aren’t quite so understandable. Malicious insider actions are responsible for almost 25% of confirmed breaches. These malicious acts by employees can be incredibly damaging and they’re always heartbreaking and remote access to systems and data makes it all too easy for malicious insiders to do their dirty work. About 90% of IT executives in an IBM survey of remote workforce cybersecurity trends believe remote workers pose a security risk in general, and more than half believe that remote employees pose a greater security risk than onsite employees.


global year in breach depicted as a printed report.

Give your clients the cold, hard facts that tell the tale of exactly how much danger their business is in. GET THIS FREE BOOK>>


Multiple Factors Escalate Danger


What drives people to take malicious actions against their employers? The DBIR breaks down the reasoning behind incidents that resulted from the actions of malicious employees, and top motivation never changes – it’s overwhelmingly money. An estimated 70% of malicious insider breaches were financially motivated, chiefly through employees selling credentials or access to systems and data on the dark web. In economically challenging times like these, that fact needs to be top of mind for anyone who is working on defensive strategies to combat insider threat risks. Another 25% of the malicious insider incidents surveyed were motivated by espionage, like selling formulas, sensitive data or company secrets. The final cause of malicious insider incidents, around 4% were caused by angry employees who just wanted to damage the company.

Everyone is looking for new revenue streams these days, and that includes employees. The dark web economy is booming, and cash-strapped staffers may be tempted to make easy money by selling their credentials or your data on the dark web, and that’s a lot easier to do when they’re not in the office. Working in isolation and without the safeguards of in-office network security, remote workers have extensive opportunities to take malicious actions without being quickly detected. Verizon’s report makes it very clear: data breaches and other security incidents caused by malicious employees working remotely take longer to detect, are more difficult to contain and do more damage than similar incidents caused by malicious insiders who are working in a company office.


Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>


2 Fast, Affordable Fixes For Threats By Malicious Insiders Working Remotely


No industry is safe from the threat of a data breach or other damaging security incident that comes from a malicious insider, and every organization that supports a remote workforce has an increased risk for that type of trouble. However, employees are generally in favor of hybrid work, and the advantages of businesses retaining operations flexibility are clear. So what can you do to secure your systems and data from the elevated risk of malicious insider threats from remote workers?

Gain Immediate Protection by Preventing Credential & Privilege Misuse

The top way that malicious insiders damage companies is through privilege misuse, making tools like multifactor authentication security superstars. In this scenario, an employee may sell or give their privileged password to someone who is not authorized to access sensitive data or critical systems. More than 80% of malicious insider breach incidents are caused by privilege misuse. Stop employees from being able to damage your business by sharing or selling credentials by adding secure identity and access management with Passly to your security arsenal. An estimated 99% of cybercrimes that involve credential misuse can be prevented by multifactor authentication, yet less than 50% of businesses use it to support their remote workforce. Single sign on launchpads for each user enables IT teams to quarantine any user account and remove access permissions quickly, reducing the time to contain a breach.

Play the Long Game By Spying On the Places That Malicious Workers Do Business

Malicious insiders who are looking for a fast way to make a buck will inevitably turn to the dark web. They can contact eager buyers for passwords, access or data quickly through dark web message boards and forums. That’s why it pays for organizations to keep an eye on what’s going on in those dark web marketplaces – dark web risk is highly escalated these days by a booming cybercrime for a service economy and bustling data markets. Dark Web ID is the ideal tool to use to monitor for employee credentials appearing on the dark web. Human and machine intelligence is at work 24/7/365 to keep eyes in all of the worst places to make sure that your IT team is alerted immediately if an employee credential is spotted, giving your business an edge over bad actors.

By choosing the right combination of security solutions, you can add strong safeguards against malicious insider threats by remote workers like credential and privilege misuse. The ID Agent digital risk protection platform offers smart solutions to protect your systems and data whether your employees are working in the office or at the kitchen table. Our solutions experts are ready to help you make the right choices to reduce your organization’s risk of a cybersecurity disaster. Schedule a personalized demo today.