The fastest way to get CISSP Certified. Join our bootcamp
One of the biggest internal threats that we face comes from disgruntled employees. These are employees who have some ill will toward the company and have the capacity to harm it. Sometimes, an employee may feel wronged by the company and simply want revenge. At other times, they may be stealing company resources as part of a criminal enterprise. Regardless, they can cause immense damage to an organization, so we need to be on the lookout for disgruntled employees and prepared to take steps to mitigate any threats from them.
One good example of an insider threat is the UK man who was jailed for causing £200,000 of reputational damage and lost business to his employer. The man was initially suspended for a separate incident, but still retained his access to the company’s systems. He then accessed the computer systems, changed the login credentials and the organization’s multifactor authentication, which ended up disrupting the activities of his employer’s local and international clients.
What went wrong?
We don’t know the details behind the man’s initial suspension, but we do know that the company screwed up. When the man was suspended, he retained his access to company systems. This is a big problem, because even if the man was rightfully suspended, it’s pretty obvious that a suspension can cause a person to become disgruntled. If a person feels that they have been mistreated or has dissatisfaction toward the company, this increases the risk that they will take malicious action.
Regardless of whether the company was right or wrong in suspending the employee, they should have removed his access for the duration of the suspension to limit their risks. They should have only returned his access upon the completion of the suspension if the company had determined that he did not pose a threat. This can be a little challenging, because it’s hard to know what is going through an employee’s mind when they have been disciplined. Some may still harbor a grudge yet keep it hidden.
Despite this, the employee should not have been working during his suspension and therefore he wouldn’t have needed access to the systems at the time that he caused the damage. The company would not have suffered this damage if they had also suspended his access while the situation was resolved. This could have involved some kind of mediation, or the company may have decided that it was in its best interests to terminate the individual.
Protecting your company
If you want to protect your company from insider threats, the National Institute for Standards and Technology (NIST) recommends creating an insider threat program. This program should include:
- A cross-discipline insider threat incident handling team.
- A senior leader who is charged with oversight of the insider threat program.
- Controls for detecting and preventing malicious activity from insiders.
- A centralized integration and analysis capability that uses both technical and nontechnical information to identify potential insider threats.
- Host-based monitoring of employees.
- Insider threat policies and implementation plans.
- Insider threat training and awareness.
Another NIST standard recommends that your organization watches out for the following potential signs of an insider threat:
- Long-term job dissatisfaction.
- Attempts to access company information that isn’t relevant to the employee’s role.
- Bullying or harassment of other employees.
- Inexplicable access to financial resources, such as if a junior employee suddenly shows up to work in a Maserati.
- Other violations of policies and procedures.
Looking out for these signs of an insider threat can help organizations catch them earlier, which can limit the amount of damage that they can inflict.
The easiest and fastest way to pass the Security+ exam
Build Your Cybersecurity Foundation. Our team has helped thousands of professionals succeed with advanced certifications like CISSP and CCSP. Now we've taken that same proven and tailored it specifically for Security+!
Win a FREE Security+ Exam
Enter to win a $370 Security+ exam and kickstart your cybersecurity career!
Or share this with someone who might be interested.
Act fast—promotion ends July 31, 2025.
Prepare to Pass CCSP: Get the Right CCSP
APP
Studying for the CCSP? Big news! We’ve just added 1,000 brand-new questions to our CCSP Exam Prep App—giving you even more ways to test your knowledge and boost your confidence. Whether you're brushing up on cloud security concepts or getting serious about exam day, the updated app is packed with fresh content that reflects the latest exam trends. Study anytime, anywhere, and get one step closer to becoming CCSP certified.
Free CCSP Data Center Design Mini MasterClass
If you’re interested in cloud security, check out our new FREE Mini MasterClass. It digs into data center design.
It’s based on the CCSP certification requirements, but even if you’re not thinking of getting certified, what you learn is very useful in practice if you ever need to deal with data centers.
