Insiders Are Serious Threats to Cybersecurity in an Organization

By Jon Hyman

Nov. 29, 2018

Do you remember the movie “When a Stranger Calls”?Cybersecurity in an Organization

The movie opens with a teenage babysitter receiving a telephone call from a man who asks, “Have you checked the children?” She dismisses the call as a practical joke. But, as the calls continue, and become more frequent and threatening, she becomes more and more frightened, and calls the police. Ultimately, she receives a return call from the police, telling her that the calls are coming from inside the house.

(Cue ominous music.)

Your employees are your company’s weakest link and, therefore, your greatest threat to suffering a cyberattack and resulting data breach. While employee negligence (that is, employees not knowing or understanding how their actions risk your company’s data security) remains the biggest cyber-risk, another also demands your attention — the malicious insider.

According to one recent report, malicious insiders are responsible for 27 percent of all cybercrime. reports on a recent survey, titled, “Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web”:

“ ‘Recruitment of insiders is increasing, and the use of the dark web is the current methodology that malicious actors are using to find insiders,’ said researcher Tim Condello, technical account manager and security researcher at RedOwl.

“Cybercriminals recruit with the goal of finding insiders to steal data, make illegal trades, or otherwise generate profit. Advanced threat actors look for insiders to place malware within a business’ perimeter security.”

There are three types of people who fall into the “insider” category, according to Condello: negligent employees who don’t practice good cyber hygiene, disgruntled employees with ill will, and malicious employees who join organizations with the intent to defraud them.

What is a company to do? Train your employees about proper password safety, the dangers of public Wi-Fi, recognizing and avoiding phishing schemes and scams, and handling lost or stolen devices. This will help in arming your employees with the necessary tools to defend against making a mistake that exposes your organization to cybercriminals.

No amount of training, however, will stop a disgruntled employee with ill intent, or a malicious employee who wants to cause harm to do damage.

These latter two categories need specialized attention: an insider threat program. The Wall Street Journal explains:

“Companies are increasingly building out cyber programs to protect themselves from their own employees.… Businesses … are taking advantage of systems … to find internal users who are accidentally exposing their company to hackers or malicious insiders attacking the company. These ‘systems,’ however, can prove costly, especially for the small-business owner. While investment in a technological solution is one way to tackle this serious problem, it’s not the only way. ”

Aside from the expense of costly monitoring programs, what types of issues should employers include in an insider threat program? Here are seven suggestions:

• Heightened monitoring of high-risk employees, such as those who previously violated IT policies, those who seek access to non-job-related business information, and those who are, or are likely to be, disgruntled (i.e., employees who express job dissatisfaction, who are on a performance improvement plan, or who are pending termination).

• Deterrence controls, such as data loss prevention, data encryption, access management, endpoint security, mobile security and cloud security.

• Detection controls, such as intrusion detection and prevention, log management, security information and event management, and predictive analytics.

• Inventories and audits for computers, mobile devices and removable media (i.e., USB and external hard drives), both during employment and post-employment. 

• Policies and programs that promote the resolution of employee grievances and protect whistleblowers.

• Pre-employment background checks to help screen out potential problem employees before they become problems. 

Termination processes that remove access as early as possible for a terminated employee.

Do you think you’re too small to worry about devoting resources to these issues? Consider, according to, that 98 percent of all companies have suffered a cyberattack, the average company suffers a minimum of 11 cyberattacks per day, and 40 percent of companies lack any type of cyber-incident response plan.

No company can make itself bulletproof from a cyberattack. Indeed, for all businesses, data breaches are a when issue, not an if issue. However, ignoring the serious threat insiders pose to your company’s cybersecurity will only serve to accelerate the when.

Jon Hyman is a partner at Meyers, Roman, Friedberg & Lewis in Cleveland. Comment below or email Follow Hyman’s blog at

Jon Hyman is a partner in the Employment & Labor practice at Wickens Herzer Panza. Contact Hyman at


blog workforce

We build robust scheduling & attendance software for businesses with 500+ frontline workers. With custom BI reporting and demand-driven scheduling, we help our customers reduce labor spend and increase profitability across their business. It's as simple as that.

Book a call
See the software

Related Articles

workforce blog


4 Ways to Maximize HR and WFM Data

Technology and cloud-based applications and platforms enable companies to gather more data, but can the...

workforce blog


How to prevent workforce management system outages: mitigation through redundancy

Summary Workforce management data breaches and outages are a very real threat Businesses should build r...

data breach, network security, payroll system, system outage, workforce management

workforce blog


Kronos (UKG) data breach leaves businesses in the dark for “several weeks”

Summary Workforce management company Kronos (UKG) suffers ransomware data breach Kronos Private Cloud a...

data breach, Kronos, ransomware, security, UKG