Skip to main content

Addressing Insider Cybercrime | Optiv

October 13, 2014

In a previous blog post, I discussed what triggers insider threat within an organization. Understanding these threats is important so that your organization can take the necessary steps to prevent insider cybercrime. To help minimize the risk, organizations should maintain an open, two-way line of communication with their employees, especially following an event that could affect morale, such as layoffs. Organizations can also keep technology on their side by configuring their systems to recognize potential issues before they become big problems. 

Unfortunately, even the best preventative measures do not work 100 percent of the time. It is important to have a plan in place should your organization find itself the victim of insider crime. We know insider crime must be addressed as soon as it is discovered, but what should that response include?

Law Enforcement

The 2014 U.S. State of Cybercrime Survey found that 75 percent of organizations who have experienced a cybercrime do not involve law enforcement. This is a troubling statistic because it means that criminals are left unpunished for their attacks, and they are also free to be hired by other unknowing companies where they could wreak havoc again. When any type of crime occurs within your organization, it is essential to follow proper protocols and contact the police. Insider cyber perpetrators can range from a recently fired employee whose network access was not revoked in time, to a former employee who took company trade secrets or sales information to their new organization. 

Information and Forensic Data

This is your main source of evidence, so it is vital that you gather the necessary information and keep it safe from being altered or destroyed. Make copies of your data, and then make copies of your copies. Go into this situation with the mindset that you will stick with it all the way to the end, which will likely mean a trip to a court of law. You must be prepared to present an expert witness and testimony, and have all paperwork in order so you have the strongest possible case. To avoid the manual process of collecting evidence, your organization can invest in an enterprise forensic system. 

Legal and Public Relations

Your plan should also include how you’ll manage the legal and public relations aspects of dealing with an insider crime. Navigating these paths can be tricky, and I recommend leveraging a partner who can help from an organizational side.

Industry Reporting

If your organization finds itself dealing with even a minor breach, it’s still important to investigate and report the data to industry groups that study cyber trends. One issue we see with insider crimes is that organizations simply don’t report data, so we don’t know how big the problem is. By providing the industry with all information about an incident, your organization can help others keep the problem under control. 

If your response plan is standardized and put into action quickly, you can avoid catastrophe and hopefully bring a cybercriminal to justice.  

    James Robinson

By: James Robinson

Vice President, Third-Party Risk Management

See More

Related Blogs

February 15, 2018

Security Simplified

It's no secret that data breaches are an ugly reality for businesses today, and despite ever increasing investments, organizations seem unable to stem...

See Details

November 09, 2017

Third-Party Breaches Will Continue Until Morale Improves

I have some bad news for you: breaches at third parties are not going to stop – not any time soon. Various studies show that somewhere between one-thi...

See Details

September 25, 2017

DDoS Threats: Are Your Third Parties Protecting You?

There’s evidence that ransomware may be evolving beyond holding data hostage. In recent news, DDoS attacks were used as a threat against organizations...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 28, 2014

What Triggers Insider Threat?

When asked, “Do you have an insider threat problem?” many organizations might conclude that they have no issues and nothing to worry about, others adm...

See Details

January 24, 2014

Trends in Credit Card Data Breaches and Why You Should Be Concerned

As FishNet Security's Incident Management team handled credit card data breaches, PFIs and other response engagements in 2013, they observed a rise in...

See Details

May 14, 2015

Incidence Response Preparation | Optiv

The NHL and NBA playoffs are in full swing now with sports analysts and millions of crazed fans assessing and re-assessing every move the players make...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.