
How Do Malicious Insiders Damage Companies?

November 03, 2022

Malicious Insiders Can Do Massive Damage to Their Employer Fast


Malicious insider risk is an unpleasant but ongoing situation that every business has to deal with daily. Both current and former employees can intentionally damage a company, and just one disgruntled employee can wreak havoc fast. However it happens, malicious insider actions are responsible for an estimated 25% of confirmed data breaches. They’re also risks for ransomware deployment, credential compromise and more nightmare scenarios. Exploring the ways that malicious insiders damage companies can shed light on why an employee might become a malicious insider.




What do malicious insiders do to harm companies?


There are myriad ways for an employee to do damage. Unhappy former employees can damage their employers when they leave by stealing data or proprietary information.  According to a report by Gigamon, 35% of all ransomware attacks were caused by a malicious insider. Current employees who need money or feel slighted in some way can do nasty things like selling their credentials on the dark web. Malicious actors can also directly unleash a cyberattack by deploying malware themselves. 

The Top Malicious Insider Actions

  • Exfiltrating Data: 62%
  • Privilege Misuse: 19%
  • Data Aggregation/Snooping: 9.5%
  • Infrastructure Sabotage: 5.1%
  • Circumvention of IT Controls: 3.8%
  • Account Sharing: 0.6%

Source: Statista




Disgruntled employees steal data


According to a report by Palo Alto Networks, 75% of insider threat cases involved a disgruntled former employee who left with company data, destroyed company data, or accessed company networks after their departure. Malicious insider threats like those are especially worrisome because companies get wind of the crime long after it’s committed, which can be detrimental to their future. Employees are most likely to steal data like intellectual property within 90 days of their resignation, with 70% of insider intellectual property thefts taking place in that window.

Here are two instances of data theft by disgruntled employees:

  • In a suit recently filed in the United States District Court for the Northern District of Georgia, a consultancy company, Young and Associates, claimed that a former employee stole over 30,000 files to get a competing firm off the ground. In a court proceeding, the employee testified to stealing sensitive business information from Young and Associates and uploading it onto the network of his new firm.
  • A former employee of a construction company, Williams Company, stole several documents from the company, including the company’s bank account statements and tax returns, and 401(k) information containing employees’ names, Social Security numbers, birth dates and compensation. As a construction technology manager at the company, the employee had intimate knowledge of the company’s information technology systems and the protections the company had in place to safeguard its confidential information and trade secrets. He allegedly told the company that he stole the data because of unforeseen personal issues.



Offboarding failure bumps up credential compromise risk


Most companies have security policies and security training as part of their onboarding process. But security isn’t just an onboarding concern. It’s a critical step in offboarding to reduce insider risk. Over 90% of malicious insider incidents are preceded by employee termination or layoff, even if an employee is leaving an organization on good terms. Every former employee who leaves a company yet still holds a set of valid credentials with access permission is a security risk. The higher up the chain that employee is, the larger the risk is that unauthorized access using those credentials could cause major damage fast – 56% of employees use their continued digital access after their departure to harm their former employer.    

In a 2021 study, researchers determined that after their employment ended, many former workers still had access to the systems, tools and solutions that they used at their former job including old email accounts (35%), work-related materials on a personal account (35%), social media (31%), software accounts (31%) or shared files or documents (31%). Many also retained access to things like accounts with a third-party system (29%), another employee’s account (27%), a backend system (25%) and the company’s financial information (14%).  Altogether, 83% of former employees surveyed said they continued to access accounts at their previous place of employment even after leaving the company. 




It’s time to tighten your cybersecurity screws


Cybersecurity is a continuous process and a thankless job. People remember you more for the one breach that your organization endured than for the thousands of attempts that your organization was able to foil. Given the number of cyberthreats emerging from different quarters, it’s high time you take a hard look at your cyber defenses and eliminate any chinks in your armor. Malicious insider attacks are hard to spot and take longer to remediate than attacks from other vectors. A Ponemon Institute report reveals that it takes on average 77 days to detect and contain an insider attack.

One of the main questions security leaders in organizations should ask is: Is my organization ready to handle malicious insider threats? In a recent survey, 95% of respondents (and 99% of CISOs/CIOs) viewed the malicious insider as a significant risk to a business. 

Building a strong security culture bolstered by a robust security awareness training program is critical for reducing non-malicious and malicious insider threats. Companies that engage in regular security awareness training have 70% fewer security incidents. Organizations should keep an eye on the dark web since that’s where an employee would go to sell their credentials or stolen data. Bad actors will gladly pay to get a hold of a legitimate network credential that allows them to quickly gain entry into a company’s systems and easily fulfill their nefarious intentions.




Here’s how our security solutions help eliminate malicious insider threats


Malicious insider threats are an ongoing challenge for businesses, even if it is hard to believe that your company could have one in your midst. These solutions help mitigate risk.


Security Awareness Training     


A strong security culture reduces the chance of a malicious insider springing up. Training helps employees spot anomalies and practice good security habits, making it hard for a malicious insider to do their dirty work.     

BullPhish ID is the perfect solution to use to make that happen!      

  • A huge library of security and compliance training videos with 4 new lessons added a month!     
  • Choose from plug-and-play or customizable phishing training campaign kits     
  • Automation makes training painless for everyone 

Dark Web Monitoring   


Malicious insiders can make money selling their credentials on the dark web, and without dark web monitoring businesses may not find out until it is too late. An estimated 60% of data breaches involved the improper use of credentials in 2021.  

Dark Web ID is the answer.    

  • 24/7/365 monitoring using real-time, analyst-validated data     
  • Monitoring of business and personal credentials, including domains, IP addresses and email addresses     
  • Gain priceless peace of mind about dark web dangers 

Identity and Access Management (IAM)


Stop a stolen or sold password from opening the door to a company’s systems and data with 2FA, and make it easy to mitigate a malicious insider threat with SSO.

Passly is the perfect multi-tool for IAM, packing four essentials into one affordable package.

  • Get two-factor authentication (2FA), single sign-on, secure password vaults with one solution
  • Simple, intuitive remote management
  • Roll it out in a snap with easy deployment and seamless integration with common business applications

Automated, AI-powered Antiphishing Email Security    


Reduce the chance of an employee falling victim to an email scam like BEC spurred by a malicious insider selling information or credentials with automated phishing protection.

Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.       
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.      
  • 3 layers of powerful protection at half the cost of competing solutions      
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.  
