How To Root Out Malicious Employees

Understanding and mitigating the risk of insider threats

Louis Blackburn, Operations Director, and Martin Ellis, Swarm Member, at CovertSwarm explore…

Malicious employees and insider threats pose one of the biggest security risks to organisations: an insider already holds legitimate access and permissions that an external attacker would first have to obtain.

Yet most organisations seem unaware of the scale of this threat. Employees routinely receive training on spotting external attackers through phishing and vishing messages, but few organisations prepare their staff, or publish clear guidelines, for recognising and reporting malicious or negligent colleagues.

A recent report from DTEX highlighted that IP theft is at an all-time high, with insiders colluding with foreign governments. Uber’s breach a few years ago, in which an adversary purchased stolen credentials for an internal account and used them to gain a foothold, demonstrates the damage that can follow from a lack of awareness and policy around internal threats.

Understanding the types of threat to look out for, and putting the correct frameworks in place, will reduce the likelihood of an insider threat materialising.

The main insider threats businesses are at risk from

There are several critical insider threats that organisations need to remain vigilant against. Denial-of-Service (DoS) is a common concern: a malicious employee with detailed knowledge of the company’s systems and networks can flood them with illegitimate requests, or target known weaknesses, to crash them or make them unavailable to users.

The risk of employees leaving the company with sensitive information or access credentials also needs to be considered. A standard offboarding protocol should ensure that a former employee’s accounts, keys, tokens and group memberships are revoked on departure, so that they no longer have any means of compromising security afterwards.
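One way to make that offboarding check concrete is an audit that cross-references the HR leavers list against exports from the identity provider and the API-key inventory, and flags anything a departed employee can still use. The Python below is an added example written for this page; it is not code from the article or from CovertSwarm. Every record type, field name, group name and sample record in it is an assumption constructed for illustration.

```python
"""Offboarding audit: cross-check an HR leavers list against identity data.

Added example, not from the article or from CovertSwarm. The record
layouts, field names and sample data below are constructed for
illustration; in practice they would be exported from the HR system, the
identity provider and the API-key inventory.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Leaver:
    employee_id: str
    name: str
    last_day: date


@dataclass(frozen=True)
class Account:
    username: str
    employee_id: str
    enabled: bool
    last_login: Optional[date]
    groups: Tuple[str, ...] = ()


@dataclass(frozen=True)
class ApiKey:
    key_id: str
    owner: str      # username that created the key
    revoked: bool


@dataclass(frozen=True)
class Finding:
    severity: str   # "critical", "high" or "medium"
    username: str
    detail: str


# Assumed group names; substitute the organisation's own privileged groups.
PRIVILEGED_GROUPS = {"Domain Admins", "prod-deploy", "vpn-users"}


def audit_leavers(leavers: List[Leaver], accounts: List[Account],
                  api_keys: List[ApiKey], as_of: date) -> List[Finding]:
    """Return one finding per piece of access a leaver still holds at as_of."""
    by_employee: Dict[str, Account] = {a.employee_id: a for a in accounts}
    keys_by_owner: Dict[str, List[ApiKey]] = {}
    for key in api_keys:
        keys_by_owner.setdefault(key.owner, []).append(key)

    findings: List[Finding] = []
    for leaver in leavers:
        if leaver.last_day > as_of:
            continue                      # still employed on the audit date
        acct = by_employee.get(leaver.employee_id)
        if acct is None:
            continue                      # no directory account to check
        if acct.enabled:
            findings.append(Finding("high", acct.username,
                                    f"account still enabled after last day {leaver.last_day}"))
        # A login after the last day means the account was actually used,
        # whether by the ex-employee or by someone who obtained their credentials.
        if acct.last_login and acct.last_login > leaver.last_day:
            findings.append(Finding("critical", acct.username,
                                    f"login on {acct.last_login} after last day {leaver.last_day}"))
        privileged = sorted(set(acct.groups) & PRIVILEGED_GROUPS)
        if privileged:
            findings.append(Finding("medium", acct.username,
                                    "still in privileged groups: " + ", ".join(privileged)))
        # Disabling the directory account does not necessarily invalidate
        # long-lived API keys, so these are checked independently.
        live_keys = [k.key_id for k in keys_by_owner.get(acct.username, []) if not k.revoked]
        if live_keys:
            findings.append(Finding("high", acct.username,
                                    "unrevoked API keys: " + ", ".join(live_keys)))
    return findings


# Constructed sample data.
SAMPLE_LEAVERS = [
    Leaver("E1001", "A. Example", date(2024, 5, 31)),
    Leaver("E1002", "B. Example", date(2024, 6, 14)),
    Leaver("E1003", "C. Example", date(2024, 7, 31)),   # leaves after AS_OF
]
SAMPLE_ACCOUNTS = [
    Account("aexample", "E1001", True, date(2024, 6, 3), ("prod-deploy", "staff")),
    Account("bexample", "E1002", False, date(2024, 6, 10), ("staff",)),
    Account("cexample", "E1003", True, date(2024, 6, 20), ("Domain Admins",)),
]
SAMPLE_KEYS = [
    ApiKey("key-01", "aexample", False),
    ApiKey("key-02", "bexample", False),
    ApiKey("key-03", "bexample", True),
]
AS_OF = date(2024, 6, 21)

if __name__ == "__main__":
    for f in audit_leavers(SAMPLE_LEAVERS, SAMPLE_ACCOUNTS, SAMPLE_KEYS, AS_OF):
        print(f"[{f.severity.upper():8}] {f.username}: {f.detail}")
```

A disabled account is deliberately not treated as sufficient on its own: the audit looks separately at long-lived API keys and at privileged group memberships, because revoking one does not revoke the others. A login after the last working day is reported as critical because it shows the credentials have actually been used, by the leaver or by whoever obtained them.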

Malicious deletion of crucial systems or data by an insider can have a catastrophic and immediate impact on a company. Data loss or a period of downtime can lead to significant complications, including financial losses, reputational damage and a loss of trust from clients and partners. Legal recourse may be available to address the employee’s actions, but by then the damage will already have been done.

Negligent employees pose a similar threat

Not all insider incidents are caused by malicious employees; some result from negligence, yet they can be just as damaging. The rise of AI and LLM tools has increased the chances of negligent employees leaking information, potentially to cyber criminals, through accidental disclosure.

Employees may paste data into AI or LLM tools for tasks such as data sorting or code checking. Depending on the provider’s terms and conditions, that input may be retained and used to train the model, after which it can surface in answers given to other users. For example, if a user uploads details of a confidential project to an LLM, the model may later draw on that data to answer another individual who asks, “Tell me about Project X.” Companies need clear policies governing the professional use of AI and LLM tools.

Additionally, some LLM tools support plug-ins or browser add-ons that can be leveraged to exfiltrate data entered into the tool, leading to similar data leakage. This makes it all the more critical that organisations have controls in place to limit unauthorised exposure of data before it reaches such tools.
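A control that sits between the employee and the AI tool can enforce the policy described in the two paragraphs above before anything leaves the organisation. The Python below is an added example for this page, not code from the article or a CovertSwarm product: it screens a prompt, blocks outright when it finds a secret, a classification marker or an internal codename, and otherwise masks personal data and lets the rest through. The regular expressions, the classification markers, the codenames and the sample prompts are all constructed assumptions; a real deployment would load the organisation’s own DLP rule set.

```python
"""Screen text before it is submitted to an external AI/LLM tool.

Added example, not from the article and not a CovertSwarm product. The
patterns, classification markers, internal codenames and sample prompts
below are constructed for illustration; a real deployment would load the
organisation's own DLP rules and run this in the proxy or browser
extension that fronts the AI tool.
"""
import re
from typing import Dict, List, NamedTuple, Set, Tuple

# Constructed internal codenames that must never be sent to an external model.
INTERNAL_CODENAMES: Set[str] = {"Project X", "Project Nightjar"}

# Hard-block rules: content whose disclosure cannot be undone by masking.
BLOCK_PATTERNS: Dict[str, re.Pattern] = {
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Upper-case document markers as used in this (assumed) classification scheme.
    "classification": re.compile(r"\b(CONFIDENTIAL|RESTRICTED|INTERNAL ONLY)\b"),
}

# Redact-and-allow rules: personal data that can be masked while keeping the prompt useful.
REDACT_PATTERNS: Dict[str, re.Pattern] = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "uk_phone": re.compile(r"\b0\d{4}\s?\d{6}\b"),
}


class ScreenResult(NamedTuple):
    decision: str                       # "allow", "redact" or "block"
    text: str                           # what may be submitted ("" when blocked)
    hits: Tuple[Tuple[str, str], ...]   # (rule, matched text) pairs for the audit log


def screen_prompt(text: str, codenames: Set[str] = INTERNAL_CODENAMES) -> ScreenResult:
    hits: List[Tuple[str, str]] = []
    for rule, pattern in BLOCK_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((rule, match.group(0)))
    lowered = text.lower()
    for codename in sorted(codenames):
        if codename.lower() in lowered:
            hits.append(("codename", codename))
    if hits:
        # Nothing is submitted; the hits are logged for follow-up with the user.
        return ScreenResult("block", "", tuple(hits))

    redacted = text
    for rule, pattern in REDACT_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((rule, match.group(0)))
        redacted = pattern.sub(f"[{rule.upper()} REDACTED]", redacted)
    return ScreenResult("redact" if hits else "allow", redacted, tuple(hits))


# Constructed sample prompts.
SAMPLE_PROMPTS = [
    "Please tidy this SQL for me: SELECT id, name FROM customers WHERE active = 1",
    "Summarise this email from jane.doe@example.com about the Q3 budget",
    "Tell me about Project X and check this config: aws_access_key_id=AKIAIOSFODNN7EXAMPLE",
]

if __name__ == "__main__":
    for prompt in SAMPLE_PROMPTS:
        result = screen_prompt(prompt)
        print(f"{result.decision:6} hits={list(result.hits)}")
        if result.decision != "block":
            print("   ->", result.text)
```

Pattern matching is a floor, not a ceiling: it catches the pasted private key or the obvious codename, not a paraphrase of the confidential project. Logging the hits matters as much as the decision, because the same user tripping the rules repeatedly is exactly the negligent-insider signal the article describes.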


Organisations need to put the right tools in place to prevent insider threats

Despite the rising sophistication of insider threats, many organisations still lack the tools to detect or prevent employees from copying sensitive information to portable devices and walking out of the building with it. This basic gap highlights where many organisations need to improve their security controls and monitoring to combat insider threats effectively.

To effectively root out malicious insiders, organisations must invest in comprehensive security tools and practices, such as robust monitoring systems, strict access controls, and regular audits.

Additionally, fostering a culture of security awareness and implementing clear guidelines for reporting suspicious activities are essential steps in mitigating the risk posed by insider threats.

The first step to mitigating insider threat

Implementing ISO/IEC 27001 and ISO/IEC 42001 in business operations is a good way to begin reducing the risk of insider threats. Both are valuable frameworks that help to establish rigorous procedures and controls.

It’s important to make sure these frameworks aren’t merely reduced to tick-box exercises and are fostered into daily operations.

ISO/IEC 27001 focuses on a systematic approach to information security management, emphasising regular audits, access controls and comprehensive employee training.

ISO/IEC 42001, the AI management system standard, provides a structured approach to governing how AI systems are developed and used within the organisation, which directly supports the policies on employee use of AI and LLM tools described above.

The challenge is integrating these standards into everyday business practice, and ensuring they are enforced and kept up to date. Organisations need to embed them in their operational practices, taking a proactive stance against insider threats and raising security awareness among employees.