Insider Attacks: How Hybrid Work Model Is Increasing Insider Risk?

The epidemic pushed us all to learn about concepts like exponential growth, lagging indicators, and flattening the curve. And these same concepts apply to how we should all be thinking about insider attacks right now.

Insider attacks affect almost every firm today, with three out of four admitting that they are a major issue. However, knowledge of the issue is a “lagging indicator” of what is truly going on within most businesses.

The spread of cloud technology is driving insider attacks. Most organizations haven’t prioritized upgrading their insider risk management skills.

71 percent of firms still don’t know what and how much sensitive data is moving beyond corporate visibility — or walking out the door with departing workers.

A poll was conducted surveying 700 US business leaders, security leaders, and practitioners. The purpose of this study, as with previous years, was to get a sense of the cybersecurity world’s data protection problems. Some of the highlights — or lowlights — are as follows:

Insider attacks are a major concern for 96 percent of firms, and 73 percent say they are a major one. When an employee leaves, your firm has a one-in-three (37%) probability of losing intellectual property.

The lack of insight into what and how much sensitive data departing workers take to other firms concerns 71% of respondents.

Only 21% of firms have a specific component to manage Insider Risk in their cybersecurity budgets, up slightly from last year’s Annual Data Exposure Report.

Why Are Cloud Apps Useful?

Cloud technologies are driving the contemporary workforce. Cloud apps make it simpler to connect from anywhere, share and collaborate more easily, and get work done and value to market faster.

Companies are still working out how to strike the balance between remote and on-site work. But according to recent PwC research, just around one-quarter of workers want to return to full-time office work.

Cloud apps are the engine that today powers the contemporary hybrid-remote workforce, regardless of where enterprises land on this.

However, these cloud super-tools have kryptonite of their own: The same characteristics that enable people to connect, develop, and interact more quickly and easily also make data exfiltration faster and easier.

Exfiltration through removable media (thumb drives, etc.) is on the decline. Cloud exfiltration, however, is on the rise, up 51% since Q3 2021. In early 2022, we expect that exfiltration using cloud services will become the preferred method of exfiltration.

These facts are reflected in the 2022 Data Exposure Report survey: Sensitive data stored outside of company stores, where security teams lack visibility, concerns 71% of cybersecurity professionals.

The issue here isn’t only that employees are purposefully conducting insider attacks. In fact, most instances of insider attacks are unintentional. Employees leave their passwords anywhere, and their home systems aren’t protected. Company data is easily traced and stolen over the public networks that employees use when working from home.

5 Recent Insider Attacks and What We Can Learn From Them

Database leak at the Dallas Police Department by staff carelessness

What happened?

The city of Dallas suffered major data losses due to staff incompetence in a series of incidents in March and April 2021. An employee of the Dallas Police Department accidentally lost 8.7 million crucial police files, including video, pictures, audio, case notes, and other evidence. The family violence unit controlled the majority of the erased material.

What were the ramifications?

Only about three terabytes of data were retrieved after about 23 terabytes of data were lost. One of the numerous ramifications of the tragedy was the slowing down of some prosecutions. Lost stored data had evidentiary significance and may have preserved convictions in situations of domestic abuse. The Dallas County District Attorney’s Office may have been affected in around 17,500 cases.

What went wrong?

An IT employee lacked sufficient knowledge of how to properly move files from cloud storage. There was no harmful or deceptive conduct. The technician had only attended two seminars for training on the city’s storage management software between 2018 and the time of the event. Before destroying files, the IT staff failed to check for copies and paid little attention to backups.

The Dallas Police Department should have had a technology system in place to keep track of all sessions involving sensitive information. With real-time notifications, there may have been an opportunity to react to the deletion of files. Similar incidents can be avoided with regular data backups and personnel training on how to handle federal materials.

Marriott data breach as a result of a hacked third-party app

What happened?

Hackers exploited a third-party program used by Marriott to deliver guest services in January 2020. The attackers had access to 5.2 million Marriott guest records. Passport information, contact information, gender, birthdays, loyalty account information, and personal preferences were among the documents. At the end of February 2020, Marriott’s security staff spotted suspicious activities and closed the insider-caused security vulnerability.

What were the ramifications?

Nearly 339 million hotel guests were likely compromised by this big data leak. Marriott Hotels & Resorts was fined £18.4 million for failing to comply with the General Data Protection Regulation (GDPR).
Marriott had already faced £99 million (roughly $124 million) GDPR penalties for a data breach that occurred in 2018.

What went wrong?

Two Marriott workers’ credentials were stolen and used to log in to one of the hotel chain’s third-party applications. For two months, Marriott’s cybersecurity systems were unaware of the questionable activity under these workers’ accounts. Marriott may have spotted the intrusion earlier if it had used third-party vendor monitoring and user and entity behavior analytics (UEBA).

Employees of Elliott Greenleaf stole trade secrets

What happened?

Four lawyers from the Elliott Greenleaf law firm seized the organization’s archives and erased its communications in January 2021.

Insiders at the Pennsylvania law firm stole critical data for personal gain and with a specific goal in mind: to assist Armstrong Teasdale, a rival law firm, in establishing a new office in Delaware. The attorneys double-erased any emails that may have supplied proof after their destructive activities.

The corporation, on the other hand, had been making backups and discovered all of the erased emails.

What were the ramifications?

Former lawyers took much of the firm’s work products, as well as a large amount of correspondence, pleadings, secret and business information, and the client database.

Elliott Greenleaf was unable to compete in Delaware. Moreover, the attack forced them to close their Wilmington office.

What went wrong?

The attorneys planned their harmful conduct for four months, stealing firm files and the client database. In particular, they downloaded a vast quantity of data to personal Google Docs, Gmail, and iCloud accounts. They also used a personal USB device without permission, yet their malicious behavior went unnoticed.

By allowing the security team to observe and react to lateral movements promptly, an employee monitoring system might have prevented the hostile acts.

A former SGMC employee stole data

What happened?

A former hospital employee in Valdosta, Georgia, copied sensitive data from the South Georgia Medical Center to his USB drive, for no apparent reason, the day after he departed in November 2021. This is an example of a malicious insider threat in which the insider was unhappy, dissatisfied, or had other personal motivations to harm the company.

What were the ramifications?

Patients’ test results, names, and birth dates were disclosed. The medical facility was required to give additional services to all patients affected by the breach, including free credit monitoring and identity restoration.

What went wrong?

A former employee had legitimate access to the information he obtained and faced no barriers in carrying out his plans. South Georgia Medical Center’s security software, on the other hand, sent a warning in response to an unauthorized data download. It alerted cybersecurity personnel to an employee transferring sensitive data to a USB drive.

Internal data breach cases like this one indicate that the firm in question was using monitoring software. The case of the South Georgia Medical Center was quickly discovered and resolved. However, effective access control technologies and rigorous need-to-know access restrictions might have prevented illicit access from the start. This incident could be avoided in your company with the use of a privileged access management system.
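The Elliott Greenleaf and SGMC cases above both involve copies to personal cloud accounts or USB drives around an employee's departure. The following is an added example, not code from the original article: a review that joins HR departure dates with data-movement events. The field names, destination labels, and the 120-day lookback (chosen to cover the four months mentioned in the Elliott Greenleaf case) are assumptions.

```python
from datetime import date, timedelta

# Destinations treated as outside corporate visibility (assumed category labels).
UNMANAGED = {"usb", "personal_cloud", "personal_email"}

def review_departures(events, departures, lookback_days=120):
    """Return (rule, event) pairs for events tied to a departing user.

    events: dicts with day, user, dest, mb. departures: user -> last working day.
    Intended to run retrospectively once HR records a departure.
    """
    findings = []
    for ev in events:
        last_day = departures.get(ev["user"])
        if last_day is None:
            continue  # no departure on record; out of scope for this review
        if ev["day"] > last_day:
            # Any data movement after the last day means access was not revoked.
            findings.append(("ACCESS_AFTER_DEPARTURE", ev))
        elif (ev["dest"] in UNMANAGED
              and ev["day"] >= last_day - timedelta(days=lookback_days)):
            # Copy to an unmanaged destination inside the pre-departure window.
            findings.append(("UNMANAGED_COPY_BEFORE_DEPARTURE", ev))
    return findings

# Constructed sample data, not taken from any real incident.
DEPARTURES = {"jdoe": date(2021, 11, 10), "asmith": date(2021, 1, 29)}
EVENTS = [
    {"day": date(2021, 11, 11), "user": "jdoe", "dest": "usb", "mb": 420},
    {"day": date(2020, 10, 20), "user": "asmith", "dest": "personal_cloud", "mb": 9100},
    {"day": date(2020, 8, 1), "user": "asmith", "dest": "personal_email", "mb": 30},
    {"day": date(2021, 1, 15), "user": "asmith", "dest": "corp_cloud", "mb": 700},
    {"day": date(2021, 3, 2), "user": "blee", "dest": "usb", "mb": 5},
]

if __name__ == "__main__":
    for rule, ev in review_departures(EVENTS, DEPARTURES):
        print(f'{rule}: {ev["user"]} {ev["day"]} -> {ev["dest"]} ({ev["mb"]} MB)')
```

Widening `lookback_days` trades more findings to triage for coverage of exfiltration that was planned further in advance.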

Scamming of Twitter users by phishing workers

What happened?

Hackers accessed 130 private and business Twitter accounts with at least a million followers apiece in July 2020. The attackers used 45 of these accounts to promote Bitcoin fraud. Barack Obama, Elon Musk, Bill Gates, Jeff Bezos, Michael Bloomberg, Apple, Uber, and other well-known people and corporations had their accounts stolen.

What were the ramifications?

$180,000 in Bitcoin was transferred to fraudulent accounts by Twitter users. Another $280,000 was blocked by the bitcoin exchange Coinbase.

Twitter’s stock price dropped 4% after the event. The firm postponed the launch of its new API to upgrade security processes and train personnel on social engineering attacks.

What went wrong?

A series of spear-phishing attempts targeted Twitter workers. Hackers gathered information on remote employees, called them, posed as Twitter IT officials, and demanded user passwords. The attackers then got access to administrator tools by compromising employee accounts.

They used these tools to reset renowned Twitter users’ accounts, alter their passwords, and tweet bogus messages.

In this insider threat case, Twitter didn’t identify unusual behavior in the admin tool until fraudulent messages had been disseminated and noticed by the press. UEBA and privileged access control solutions might have aided the organization in securing admin tools and detecting unwanted activity more quickly.

Steps to Minimize Insider Attacks in Your Organization

Now that we know the hybrid culture supported by cloud technology can increase insider risk, let us discuss how we can minimize that risk in the organization:

1. Listen to and empower your employees
As the Work Trend Index data reveals, the epidemic has had a far-reaching impact on the workforce. Individuals may get overwhelmed or burned out as a result of stressful situations, putting the organization in danger.

To mitigate this risk and promote your employees’ well-being, you must establish channels and methods for listening to their concerns, receiving feedback, and assisting them in prioritizing.

Make sure your employees understand how much they are appreciated by the company and how crucial it is for them to keep you and your sensitive data safe and secure.

2. Embrace collaboration
Insider risk management initiatives frequently focus solely on the implementation of tools and technology, ignoring the critical organizational, risk management, and cultural concerns. Although technology is vital, it is only one component of a successful program.

Effectively addressing insider risk necessitates collaboration among corporate executives, HR, legal, and security. It also necessitates education and participation from all employees.

3. Take a comprehensive approach
Detecting insider threats can be difficult, and it might feel like looking for a needle in a haystack. We’ve discovered that having a comprehensive, purpose-built strategy that can draw signals together into a unified perspective throughout your business provides you a better grasp of important trends and greater risk reduction when engaging with clients. We selected this strategy to guarantee that it’s simple to get started with while still being flexible to satisfy a wide range of demands.


In conclusion, with adequate precautions and procedures, companies can minimize the risk of insider attacks. While the hybrid work model is extremely productive and increases employee happiness, proper training is required.

Give your employees adequate training and understanding of insider risk. Ensure all your employees follow the best security practices to mitigate insider risk.

Hitesh Patel
Hitesh Patel is an engineer turned business owner of WPG Consulting. He is a techie enthusiast who believes in finding creative IT solutions to solve consumer problems.
