The Enemy Within: Insider Threats

The Yorubas say, “The worm that eats the vegetable resides in the vegetable.” Similarly, an Igbo adage goes, “It is the rat that resides in the house that shows the outside rat how to navigate the house.” Remember the tale of the Trojan horse? When Troy couldn’t be conquered from the outside, the Greeks found a way in by hiding soldiers inside a wooden horse. The lesson is clear: sometimes, the greatest threat comes from within.

Picture this: An employee works hard and eventually asks for a raise. The company reviews the request but says it isn’t feasible now, promising to revisit the matter next quarter. The employee, aware that the company made a 30% profit that quarter, becomes disillusioned. Gradually, they begin to neglect security policies. This laxity leads to a breach that damages the company’s reputation.

In another case, a departing employee decides to cash in before leaving. They begin selling the company’s intellectual property and strategic plans to a competitor.

Consider two employees who bonded in university and now work in different departments. Their friendship leads to relaxed boundaries. One casually shares sensitive company information without realizing the implications. One day, the friend resigns suddenly, and the company secrets are leaked. The remaining employee is left to face the fallout.

Now, imagine a company hires a cybersecurity specialist after a thorough interview process. Unknown to them, the new hire is a trained corporate spy working for a competitor.

Or take the story of an IT staff member who is underperforming and abrasive. The company eventually fires him, but forgets to revoke his access. Soon after, important documents are mysteriously deleted, and the company website crashes during peak business hours.

It doesn’t end there. Organisations often rely on third parties, such as financial services or cloud storage providers. A disgruntled employee from one of these vendors could access and steal company data or funds.

Would you consider these cyberattacks? These are all examples of insider threats, a type of cyber risk that originates from people within organisations or trusted partners.

Let’s dive deeper into what insider threats are and how you can protect your organisation from them.

What Insider Threats Are

Insider threats originate from individuals authenticated and authorized to access company resources. Fortinet defines insider threats as individuals using their authorized access to an organization’s data and resources to harm the company’s equipment, information, networks, and systems. The threat may involve fraud, corruption, espionage, degradation of resources, sabotage, terrorism, and unauthorized information disclosure.

These individuals (employees, former employees, contractors, and business associates) know the company’s security practices, data, and computer systems. An interesting point to note is that the risk from these individuals to the organisation may be intentional or unintentional.

Individuals Involved in Insider Threats

  • Pawns: These individuals are often targeted using social engineering techniques and manipulated into downloading malware or revealing their credentials, which the threat actors use to access company resources.
  • Turncoats: Turncoats turn on the company for financial gain or because they feel they have been wronged, and they voluntarily assist cybercriminals in harming the company. Some of them may work with standard organisations to bring the company down if they are aware of non-code standards.
  • Collaborators: In return for financial gain, these individuals work in tandem with cybercriminals. They use their authorized access to steal sensitive data, such as customer information or intellectual property, or to disrupt business operations.
  • Goofs: These are employees who feel they are above company security policies, or that the policies are not important enough. Their actions inadvertently leave data and resources unsecured, giving attackers opportunistic access.
  • Lone Wolf: These are also classified as insider threats because they gain access to company resources, irrespective of whether it is gained illegally. They hack into the company’s systems, elevate their privileges, and gain access to sensitive information they use as they please.

How Do You Know There Is An Insider Threat In Your Company?

  • Backdoors installed by anyone other than the red team during penetration tests.
  • Remote-access software such as TeamViewer or AnyDesk installed on company machines, and/or physical servers illegally installed on your premises.
  • Software not authorised or installed by the IT department, which may act as a Trojan.
  • Unexplained password changes, especially when the user cannot recall making them.
  • Unauthorised tweaks to firewall and antivirus settings or their deactivation.
  • If malware is detected, trace its origin to be sure it wasn’t installed internally.
  • Access to the company’s servers, databases, or network at odd times.

How To Protect Your Company From Insider Threats

  • Employee and User Training: Training emphasizes security policies to employees, eliminating the risk of goofs. It also reduces insider threats from pawns, as they would recognise and be guarded against social engineering attacks.
  • Identity and Access Management (IAM): IAM manages user identities, authentication, and access permissions, ensuring the right users and devices can access the right resources at the right time. Privileged access management (PAM), a subdiscipline of IAM, focuses on finer-grained control over access privileges granted to users, applications, administrative accounts, and devices. PAM would eliminate the risk from disgruntled former employees, as it would immediately and automatically limit their permissions or immediately decommission the accounts of users who have left the company.
  • User Behavior Analytics (UBA): This uses advanced data analytics and artificial intelligence (AI) to model baseline user behaviors and detect abnormalities that can indicate emerging or ongoing cyberthreats, including potential insider threats. 
  • Offensive Security: Offensive security uses the same adversarial tactics that black hat hackers use in real-world attacks to strengthen network security rather than compromise it. Contract ethical hackers, cybersecurity professionals who use hacking skills to detect and fix IT system flaws, security risks, and vulnerabilities in the way users respond to attacks. Ethical hackers use phishing simulations and red teaming (simulated, goal-oriented cyberattacks on the organization). The results gauge the security posture of the company and inform recommendations that can help strengthen insider threat prevention.
  • Detection: Install intrusion detection and prevention systems (IDPS) and security information and event management (SIEM) tools to monitor the organization’s security in real time so that threats are contained before they spread. This would deter lone wolves and detect backdoors.
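
Several of the warning signs and controls above (odd-hours access, unauthorised remote-access software, changes to firewall or antivirus settings, accounts left active after an employee leaves) can be expressed as simple detection rules. The Python below is an added example, not code from the original article or from any product it names; the log format, user names, working-hours window and IT account list are constructed assumptions.

```python
from datetime import datetime

# All names and values below are constructed for illustration.
OFFBOARDED = {"tunde": datetime(2024, 5, 31, 17, 0)}  # user -> access end (HR roster)
IT_ACCOUNTS = {"it-deploy"}              # accounts allowed to install or change controls
REMOTE_TOOLS = ("teamviewer", "anydesk")  # remote-access tools named in the article
WORK_HOURS = range(7, 20)                # assumed baseline: 07:00 to 19:59

# Constructed log lines in an assumed format: timestamp|event|user|detail
SAMPLE_LOG = """\
2024-06-03T09:12:00|login|ada|db01
2024-06-03T02:47:00|login|ada|db01
2024-06-04T10:05:00|login|tunde|web01
2024-06-04T10:09:00|install|chidi|AnyDesk 8.0
2024-06-04T11:00:00|install|it-deploy|TeamViewer 15
2024-06-05T14:30:00|fw_change|chidi|rule 12 disabled
malformed line
"""

def check_event(ts, event, user, detail):
    """Yield a reason string for each indicator this event matches."""
    if event == "login":
        left = OFFBOARDED.get(user)
        if left and ts > left:
            yield "login after offboarding"   # access was never revoked
        if ts.hour not in WORK_HOURS:
            yield "off-hours login"
    elif event == "install":
        if user not in IT_ACCOUNTS and detail.lower().startswith(REMOTE_TOOLS):
            yield "unapproved remote-access tool"
    elif event in ("fw_change", "av_change") and user not in IT_ACCOUNTS:
        yield "security control changed outside IT"

def detect(log_text):
    """Parse the log and return (timestamp, user, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines instead of stopping the run
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        for reason in check_event(ts, *parts[1:]):
            findings.append((parts[0], parts[2], reason))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding, sep="  ")
```

In practice a fixed working-hours window is a crude stand-in for the per-user baselines that UBA tools build, and the offboarding roster would come from the HR or IAM system rather than a hard-coded table.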

Next Steps

Insider threats are real, rising, and ruthlessly effective. The Ponemon Cybersecurity report states that the average annual cost of insider threats reached USD 17.4 M in 2024. As the stories and statistics show, the greatest dangers to an organization often come from those within its walls: employees, contractors, partners, or associates who misuse access, either carelessly or with calculated intent.

No matter how advanced your external defenses are, a single overlooked access point, a disgruntled employee, or a trusting colleague can compromise your entire infrastructure. The consequences? Financial loss, intellectual property theft, reputational damage, and regulatory penalties.

The good news is that insider threats are preventable, but only if your organization moves beyond reactive security and embraces a proactive, holistic strategy. Don’t wait to be affected to learn the cost of inaction. Secure the cybersecurity and future of your organization from the inside out. Now is the time to act: send an email to us at info@hacktales.com.ng. We are equipped to help you in the following ways:

🔐 Invest in layered protection.

🧠 Train your employees to recognize social engineering tactics and follow security protocols.

🕵️ Deploy ethical hackers and simulate real-world attacks to expose vulnerabilities before adversaries do.

📊 Monitor relentlessly with real-time analytics and detection systems.
