To prove beyond a doubt that an insider is acting in an unauthorised way organisations can collect irrefutable proof of a perpetrator’s actions, deceiving insiders by planting fake assets or information.
Malicious insiders represent one of the greatest cyber threats an organisation can face. An insider armed with first-hand experience of the company’s most valuable assets, operating processes, and security precautions can cause a significant security incident far faster and with less warning than even the most advanced external threat actor. Motives can be diverse and range from disgruntled employees intent on causing harm to the business, to political sympathisers, to those looking to make a bit of money.
Read more on what can be done to detect malicious insider activity in this article by Carolyn Crandall at SC Magazine.