As the value of enterprise data continues to grow, businesses suffer heavy losses from actions by malicious insiders, especially those employees that are about to leave. If a company lacks necessary data protection and user behavior control tools, such employees can cause major damage to its information assets. This is a digest of data leaks by malicious employees that are about to leave, prepared by InfoWatch Analytical Center.
Insiders who damage information systems not only often cause direct business losses, but sometimes hurt their employers even after dismissal. For example, a patrol officer for a U.S. security company used an admin password to access the company’s payroll system and inflate his work hours. Furthermore, a few months after leaving the company, he hacked the company’s website, stole proprietary data and erased some files. As a result of his misconduct, the court awarded the company over $318,000 in damages.
The personal information (names, addresses, account balances, and phone numbers) of 169 customers who each had over ¥100 million (approximately $1 million) deposited in the Bank of Saga (Japan) was stolen by a former employee and handed to a group of criminals who used it to pilfer money from victims’ accounts.
Not every insider violation is a rash act. In some cases, employees think the crimes through and exploit the information system for a long time. Thus, last year, a cyber department of the Ukrainian national police exposed a former technical employee of the Ukrainian pension fund who stole some 250 various databases marked as ‘for sale’. The police found out that the criminal managed to lay his hands on social security forms, data on pensioners and deceased citizens, information about passports lost in Crimea, and even phone databases of both Ukrainian law enforcement officers and the breakaway regions.
Even when a confidential information leak by an employee does not cause direct financial losses, a company is still likely to suffer indirect losses, such as process recovery costs, legal costs, loss of profit as a result of a trade secret leak, or loss of customers' trust due to personal data compromising. Manufacturing enterprises should particularly watch out for know-how leaks. Thus, Anchi Hou, a former employee of DuPont, for several months took pictures in restricted areas of DuPont's plant and transferred sensitive files from the work desktop to his personal computer. Hou admitted to stealing the data in order to run his own consulting business after retiring.
Even though most malicious employees steal data to earn money, solve personal problems, or help their employer’s competitors, some do it out of revenge, curiosity, or love. For example, Barinder Sandhu, a former senior executive of Teva Pharmaceutical Industries Ltd., an Israeli pharmaceutical company, provided confidential information to Jeremy Desai, CEO of Apotex, with whom she was in a romantic relationship. Apotex is a Teva’s competitor in the U.S. and Canada.
“Leaving employees not only pose cybersecurity threats, but also may cause direct financial losses to a company,” noted Andrey Arefyev, Head of Advanced Development Department, InfoWatch Group. “HR specialists claim that the cost of losing an employee equals their annual salary and includes losses caused by underperformance of a leaving employee, their severance pay, as well as efforts and time spent for new employee search and onboarding. Early detection of and combating malicious actions initiated by leaving employees could benefit the entire company and be demanded by not only a cybersecurity team, but also other company’s business units.”