Before the internet gave us ubiquitous connectivity, selling secrets was hard. Finding buyers and sellers required research, relationship building, and connection in person or by phone. Exchanging data was harder. It required physical media, and data exchange had to be done in person.
You’ve likely seen old spy movies where spies had microfilm with top-secret plans on it. In the 80s and 90s, floppy disks replaced the microfilm. USB sticks eventually replaced the floppies. Once the insider had the data on one of these physical media, they had to get the media in the hands of the buyer.
I liken this somewhat to being a jewel thief. If someone steals jewelry, they have to sell the jewelry without getting caught in order to get money for the stolen items. That means that the thief has to know someone (a fence) who will buy the stolen jewels, knowing they are stolen; otherwise, the jewelry is virtually worthless to them.
Your data is a valuable commodity in the right (actually, wrong) hands.
The whole process has undergone a digital transformation. Now, insiders seeking to sell insider data or credentials can find buyers and share data online. Buyers are actively seeking sellers. Buyers and sellers are connecting online in dark web forums and via messaging apps.
Typically, malicious insiders are motivated by financial gain, being disgruntled, revenge, or fear of being fired. Israeli authorities recently indicted a former employee of cybersecurity firm NSO Group for allegedly stealing source code for one of its products. Because the employee was under formal review by his employer, security pros were watching him closely. When data loss prevention (DLP) software indicated that he downloaded sensitive information, they tracked his actions and discovered he was trying to sell the information to third parties.
Protecting your data from insiders who seek to monetize it requires focused effort. Steps to protecting against malicious insiders include:
- Knowing what sensitive data you have and its value.
- Limiting unnecessary access to sensitive data and systems.
- Monitoring employees who exhibit risky behavior.
- Watching the internet for signs that your insiders are targeted or looking for sellers.
- Establishing an insider threat team.
Learn more about how insiders are monetizing their access and the steps you can take to defend against it in my report, “Defend Your Data As Insiders Monetize Their Access.”