Malicious activity by trusted insiders can be very hard to catch, so look for these red flags.
Here are excerpts from this article on Insider Threats where Gurucul’s CEO is quoted:
Insiders who don’t have access to target systems or data will often attempt to elevate their access privileges to get at it.
So watch out for employees or contractors who suddenly gain admin rights or have access to documents outside of their departments or job functions, Varonis’ Spinner says. “This could be a sign of insider activity,” he says.
An example would be an IT person with administrative access, says Saryu Nayyar, CEO of Gurucul. He may elevate his privileges for access to data he does not need for his job — for instance, a customer database.
Behavioral Red Flags
Not all rogue insider behaviors are motivated by financial gain. In fact, in a substantial number of incidents, malicious behavior has been triggered by disgruntlement, a desire to get revenge, and other personal triggers.
If an employee or other trusted user displays certain negative behavior traits in the workplace, monitor that behavior, says Jeffrey Slotnick, president of Setracon Enterprise Security Risk Management Services.
Behavioral indicators to look out for include sudden or unusual introversion, compulsive or destructive behavior, passive aggressiveness, a sense of entitlement, and the inability to assume responsibility or take criticism, he says. Lack of empathy and a predisposition toward law enforcement are other red flags, Slotnick says.
Monitor employees under financial distress, adds Gurucul’s Nayyar. “Look for wage garnishment, loans on 401(k)s, large medical bills, in conjunction with travel to foreign countries,” she says.
In addition, be wary of insiders who suddenly start behaving in an atypical manner. For example, if an HR employee who typically works between 9 a.m. and 5 p.m. Monday through Friday suddenly starts working after hours and on weekends, take note, Spinner says.
“Sure, they might be trying to catch up on an important project the boss gave them using their personal computer. But they could also be on the lookout for sensitive information,” he says.
Full Article: 6 Ways to Tell an Insider Has Gone Rogue