These days the threat of online attacks is a major concern for any business as the rate of cybercrime continues to skyrocket. Yet, hackers aren’t the only online danger about which companies now have to worry. In the face of record unemployment rates, disgruntled employees and desperate job seekers are increasingly lashing out by turning to cybercrime.
As finding employment remains difficult in a weakened economy, some job hunters are committing criminal acts in order to support themselves. A recent article in the San Francisco Chronicle highlights how this phenomenon has struck the Bay Area. According to the article, “Local law enforcers say the inability to find gainful employment has been a recurrent motivation behind new cases of identity theft and software piracy that drop on their desks almost daily.” In addition to this troubling trend, a recent study found that approximately 60 percent of employees who are laid off hang on to company data. This crucial information, which can range from client credit card numbers to important source code, can be sold to cybercriminals or used as a bargaining tool to gain employment from a competitor.
Some workers choose to attack their employers more directly. Earlier this month a Bank of America employee in North Carolina was charged with installing malware in more than 100 ATMs in order to steal $304,000. The malicious code used in the theft, written by the employee himself, allowed him to withdraw cash undetected. While the theft affected only the bank and not BofA customers, the incident illustrates how employees can access sensitive client and company information with relative ease.
Insider cybercrime not only puts confidential information and networks at risk but has also causes huge financial losses. A 2009 study estimates that displaced employees have cost businesses $1 trillion globally. With rates of this type of cybercrime also on the rise, employers must now think of protecting themselves from cyberattacks from both the outside as well as from within. An article featured on the technology blog ReadWriteWeb lists a helpful guide for businesses:
Summary of Best Practices for the Prevention and Detection of Insider Threats
- Institute periodic enterprise-wide risk assessment
- Institute periodic security awareness training for all employees
- Enforce separation of duties and least privilege
- Implement strict password and account management policies and practices
- Log, monitor, and audit employee online actions
- Use extra caution with system administrators and privileged users
- Actively defend against malicious code
- Use layered defense against remote attacks
- Monitor and respond to suspicious or disruptive behavior
- Deactivate computer access following termination
- Collect and save data for use in investigations
- Implement secure backup and recovery processes
- Clearly document insider threat controls
Hopefully, the rates of insider cybercrime will start to abate as the economy slowly improves. Yet, if the overall rate of cyberattacks continues to soar and the majority of company data remains stored online, what’s to stop desperate employees from turning to these types of criminal actions?