An employee stole/exposed confidential company information!

Insider breach incidents are caused by employees of an organization who have, or at some point had, access (physical or remote) to the organization’s assets (data, network, systems, etc.) and who intentionally or unintentionally abused that access, thereby negatively impacting the security of the organization’s information or information systems.

Intentional Insider Breach
Intentional insider breaches may be triggered by several factors, including but not limited to:

  • Financial benefit
  • Outsider recruitment
  • Desire for revenge
  • Desire to hold on to intellectual property

Unintentional Insider Breach
Insider data breaches can also be caused unintentionally by accidental disclosure of data through websites, email, fax, improper disposal of records, loss of equipment, or by an internal employee falling victim to a social engineering scheme.
A malicious insider could cause damage by introducing viruses, worms, or trojan horses into your organization’s systems or network; stealing money; stealing or leaking sensitive information; or stealing the identities of specific individuals in the organization.

Top Recovery Tips

1. Don’t Panic. Immediately isolate the compromised system(s) and preserve evidence.

When an insider breach occurs or is suspected, it is imperative that you contain the damage quickly to protect customer data and preserve evidence in case of a forensic investigation. Subsequently, work towards identifying the root cause of the incident and execute your incident response plan if you have one. If required, call on third-party forensic and technical experts to help determine the source of the breach and the extent of the damage.

2. Deactivate the malicious insider’s accounts and reset credentials.

Make sure you deactivate all accounts associated with the malicious insider and reset all the credentials. Also ensure that separation of duties is effectively enforced by granting only least-privilege access.

3. Inform relevant persons and follow legal requirements.

Inform employees, stakeholders, etc. about the breach if necessary after the identity of the malicious insider is confirmed. Also, if any sensitive information such as cardholder data is confirmed or suspected to be stolen, contact your local law enforcement.

An insider breach may result in many other incidents, such as a PII breach, an IP breach, the introduction of malware, cardholder data compromise, etc. If you are concerned about such incidents being caused by an insider, refer to the specific breach section above.
