June 2


Trends of Insider Threats and Attacks

The number of insider attacks has increased by 44 percent in the last two years. An insider attack can be expensive for your organization in money and time. You can lose credibility with your customers and business partners.

What are the biggest threats right now from insider attacks? How can you protect your enterprise?

Find out what the next cybersecurity insider attack might be and how to prevent it.

Who Commits an Insider Attack?

An employee, former employee, or contractor who maliciously steals data is probably the first type of insider that comes to mind. These types of bad actors have a variety of motives. Money is the motivation for 86 percent of all deliberate security breaches.

In fact, more than two-thirds of insider threat incidents result from negligence. A normal employee can make a mistake that leads to lost or compromised data. A bad actor can also take advantage of an employee's honest mistake.

The biggest factor that contributes to insider threats is a lack of employee training (58 percent). The second biggest factor is insufficient data protection (51 percent). The third is an increasing number of devices with access to sensitive data (51 percent).

Phishing Attacks

Phishing is the cause of 67 percent of unintentional insider threat incidents. Despite general awareness of phishing techniques, many employees still fall for these attacks. Phishing attacks usually come over email, but they now occur over the phone, social media, and apps as well.

Some phishing attacks trick the target into giving up sensitive information, like passwords or bank details. Another common phishing technique is to deliver malware. The target downloads a compromised document or clicks a bad link. Email is still the source of the vast majority of malware.

Spear phishing targets specific groups or individuals. Spear phishing is an effective way for criminals to access an organization's network. The message looks like it came from a trusted source. The target is more likely to click the link or give up sensitive information.


Ransomware is another tried-and-true insider attack that continues to pose a significant threat. Ransomware encrypts your files so that you can't access them. The criminal then demands a ransom to restore your access.

A new development in ransomware is that instead of just encrypting your data, the criminal posts it on public servers. If you don't pay the ransom, the criminal threatens to make the data publicly available.

Government agencies are an attractive target for ransomware. They usually need immediate access to their data, so they seem more likely to pay a ransom.

The growth of Ransomware-as-a-Service (RaaS) contributes to the growth of ransomware itself. Cybercriminals offer their ransomware for a fixed fee or a percentage of the ransom. Some RaaS strains advertise on the dark web with banner ads and forum postings. This shows how quickly they are becoming established.

RaaS makes ransomware available to malicious individuals who are less sophisticated. Even without knowing how the ransomware works, they can use it successfully.

RaaS like Phobos specifically attacks employees working from home. It targets the Remote Desktop Protocol to gain network access.  

Browser Attacks

More people working from home lets bad actors target users through their browsers. A browser attack can start with a phishing email that installs malware on the user's device. Hackers can also put malicious code into a legitimate website or application.

Home Network Attacks

The shift from corporate to private networks due to working from home opens the door for cybercriminals. Attackers target consumer-grade routers and IoT devices.

Criminals frequently use home network attacks to create a botnet of compromised devices. Botnet detections in spring 2020 found Mirai and Gh0st most frequently. These botnets are from 2016 and 2014. They target older weaknesses in consumer IoT devices. Home networks with poor security make access easier.

Bad actors can gain access to your organization's network through employees' home network.

Operational Technology and Industrial Control Systems

More employees are working from home. Organizations are using new technologies to support this remote work. The hardware and software monitor and controls physical processes, devices, and infrastructure. It is also vulnerable to attacks.

Criminals are developing more sophisticated ways to infiltrate air-gapped or highly restricted networks. Industrial control systems are still a less popular target than IT systems. The trend remains important.

Pandemic-Related Scams

Cybercriminals have been quick to profit from the COVID-19 pandemic. Coronavirus-related lures include terms like coronavirus, vaccine, chloroquine, and Remdesvir. These malicious domains take sensitive credentials or spread malware and spam.

A variety of actors used COVID-19 as a way to trick targets through different types of schemes. For example, malicious emails with infected documents seem to come from respected organizations like the CDC or the WHO. Nation-state backed attacks, phishing, and ransomware all used the pandemic.

Protect Your Organization from Insider Attacks

The best way to protect yourself against insider attacks is to prevent them from happening in the first place. Because employee negligence is a major cause of insider incidents, training is a critical step in prevention. You should teach your employees the importance of protecting their passwords and treating sensitive information with extreme care.

Limiting the number of users with access to sensitive information is another important part of securing your organization. Restrict access to employees who truly need sensitive information to do their jobs.

You can also identify high-risk behavior in your employees before it leads to a security incident. Hermathena Labs uses a machine-learning algorithm to analyze online behavior patterns. You tell us the risk level for your organization, and we'll notify you of any positive matches.

Contact us today and prevent the next insider attack before it happens.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Get in touch