Based on their two-year study of cybercrime forums, IntSights and RedOwl recently released a report on how hackers recruited and worked with insiders who had access to corporate networks. Recruitment of insiders was increasing, and they found that forum discussions and insider outreach nearly doubled between 2015 and 2016. Hackers recruited insiders for profit, whether by stealing data, making illegal trades, or placing malware within a business’s system. Successful hacking required both technical and domain knowledge, and hackers could leverage an insider to provide the domain knowledge. Three types of people are potential insiders: negligent employees with bad cybersecurity hygiene, disgruntled employees, and malicious employees who join the organization with the intent to defraud. The Dark Web promised anonymity to insiders, and most forums even had a selection process for insiders. The forums needed to know where the insiders worked, how much access they had, and how promptly they could release information.
This should be a warning to all organizations: they have to understand that internal threats might be more serious than external threats. That’s also why employee background checks and segregation of duties are extremely important in every organization. Access to information and data must be restricted to ensure that unauthorized employees cannot access confidential information. However, that won’t solve the problem if the insiders are high-level managers. Therefore, an insider threat program is necessary.