Incidents of internal origin (insider) can bring terrible consequences for organizations.
In the following article “Insider, the two faces of the employee“, the CERTSI * echoes the internal risk (intentional / unintentional) and considers some of the possible causes. The motivation of actions carried out by disgruntled employees or internal threats may have different origins, including:
- Money: The attacker is motivated by the possibility of obtaining a sum of money for the actions he is going to carry out.
- Revenge: In this case, discontent is usually the greatest motivation. A dismissal in which the two parties do not agree or problems with co-workers, can motivate a former employee to take harmful actions for the company from which he has been dismissed. The former employee does not seek economic gain or favor other companies, simply wants things to stop going well for the company that has fired.
- Distraction: An internal threat can originate as a distraction to perform other malicious actions and prevent the main objective of the operation from being revealed.
- Ignorance: It may be the case that an employee leaves public services that should not be or take actions without knowing
- Industrial espionage: It may be the case that the actions performed are motivated by another company of the competition to obtain privileged information about their processes.
- etc (Know more origins by contacting Kymatio)
Complete article: (Spanish) https://www.certsi.es/blog/insider-las-dos-caras-del-empleado
* About the CERTSI
The CERT for Security and Industry (CERTSI), is the Capacity to Respond to Incidents of Information Security of the Ministry of Energy, Tourism and Digital Agenda and of the Ministry of the Interior. By agreement of the National Cybersecurity Council of May 29, 2015, CERTSI is the National CERT competent in the prevention, mitigation and response to cyber incidents in the field of businesses, citizens and operators of critical infrastructure.
Operated technically by INCIBE, and under the coordination of the CNPIC and INCIBE, the CERTSI was established in 2012 through a Collaborative Framework Agreement on Cybersecurity between the Secretary of State for Security and the Secretary of State for Telecommunications and for the society of the information. It is currently regulated by an Agreement of October 21, 2015, signed by both Secretaries of State.
Operators of critical infrastructures, public or private, designated by virtue of the application of Law 8/2011, have in CERTSI their point of reference for the technical resolution of cybersecurity incidents that may affect the provision of essential services, according to the Resolution of September 8, 2015 (published in the BOE of September 18), of the Secretary of State for Security, which approves the new minimum contents of the Operator’s Safety Plans and the Plans of Specific Protection.