When Trusted Insiders Goes Bad

A recent survey conducted by Gartner of 186 participants released in May 2016 exposed that trusted employees and contractors that create insider threat by leaking privileged information often have the same motive: financial.

Called “Second Streamers” these insiders defraud their employers by circumventing internal controls, stealing digital assets such as privileged data or intellectual property, gaining financial advantage, or other benefits. This information on insider threat also drew from 140 actual incidents.

So Is The Landscape Improving…

At 62% of all responses reporting misuse of privileged access, this is an alarmingly high number. It also shows that these second streamers’ motivations to obtain financial gain through trading internal data are real and prevalent. Common situations involve direct fraud or broader motivations including providing suppliers with information that undermines the organisation’s negotiating power.

With the Gartner report in mind and looking back at how this threat has increased, in 2007 a KPMG study found that just 4% of all reported cyber-attacks were caused by malicious insiders, but only three years later, that number had risen to 20%.


The actions of an individual accessing and taking data from inside an organisation while only operating with what was defined as “low-level” access must make businesses reconsider how access to systems is controlled and monitored. It’s almost impossible to attempt to identify every motivation that could drive an insider to act against an organisation they’re a part of. That said, we do have enough evidence from our entire human history to know that generally, it will come down to these three:

  • Money
  • Ego
  • Ideology

Taking these threats seriously should be motivation enough for business to implement the appropriate technology to control access to critical core systems. Compliance and industry-specific regulations should also be a key consideration for businesses to demonstrate control over their most precious asset.

What To Look For In A Credible Solution…

A robust Privileged Access Management system will remove the risk of data ending up in the wrong hands and should have the following attributes embedded:

  • Secure privileged passwords in a certified password vault, allowing you to hide or reveal, to generate or change target passwords with full confidentiality
  • Ensure that only authorized users and admin accounts are able to access powerful privileged identities
  • Prevent users from being able to elevate privileges without authorization
  • Establish strict accountability and security controls over the use of privileged accounts by tracking access requests, who accessed what accounts, and what actions were taken
  • Improve forensic analysis and contribute to regulatory compliance by generating a detailed, tamper-proof audit trail of all privileged activity
  • Rapidly detect and alert on anomalous activity that could signal an inside attack in-progress

WALLIX Bastion has been designed not only to deliver complete visibility over privileged user activity, and therefore mitigate risks relating to privileged access, but to do so in the simplest, most intuitive way. This is accomplished through unobtrusive and rapid deployment.