Ransomware and Your Employees – The New Battleground

Organisations face many challenges, and the last few years have been testing for everyone. We don’t always know what the future holds, but we know that being prepared for today’s challenges can secure business success today and in the future. 

One of the major challenges that any organisation faces is the battleground of information security. With the recent increase in ransomware attacks in the last decade, costing businesses $20 billion (US) in 2021 alone; there are many reasons to understand what ransomware and insider threats are, and how to avoid being a victim of these security threats. 

In this guide, you will discover what insider threats are and how to prevent them. 

Insider Threats – A Growing Concern

Insider threat is when someone inside an organisation uses his or her authorised access, wittingly or unwittingly, to do harm to the company’s/department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. It is a form of internal cybersecurity threat.

Traditionally, cybersecurity measures tended to focus on external threats, from cyber attacks to phishing scams, that can cause widespread damage to an organisation. However, insider threats are now becoming more prevalent, and they are more likely to be done unintentionally, as systems become more complex and the origin of the issues can be multi-faceted. 

In 2019/2020 incidents caused by insider threats accounted for 66% of those reported by organisations. This threat is growing among organisations who have large teams and staff who have access to local and organisation information. 

Types of Insider Threat

Insider threats can pose serious safety issues for an organisation and its staff.  

Here are some different types of insider threats:

  • Malicious insider or turncoat
    • Someone who uses their legitimate credentials (staff members with logins) to do something nefarious. In most cases it is an employee or contractor – someone who is supposed to be on the network and has legitimate credentials, but is abusing their access.
  • Careless insider or pawn
    • Can arise from mistakes.
    • Innocent exposure of sensitive information.
    • Clicking on malicious links without adequate consideration.
    • Losing a laptop with information on it.
  • Mole or imposter
    • Somebody who is effectively an outsider – gaining insider access to systems e.g someone posing as an employee or partner organisation.

Risky employee behaviour can be broadly classified in three different ways:

  • Malicious
  • Negligent
  • Accidental

Whilst you can’t do a lot in accidental leaks, such as the pawn insider threat mentioned earlier, there is a lot you can do to protect your systems from malicious or negligent behaviour. 

Insider Attack Examples

If you think that you or your organisation are the only ones getting targeted, then you’re mistaken. Of course, organisations of all sizes have been attacked and insider attacks are becoming so much more common, and better known that there are examples we can all learn from to better protect your organisation in the coming future.

Here are some examples: 

  • Medical Packaging Co.
    • After being let go, an employee went into the system and granted themselves Administrator access, who then went on to edit and delete over 120,000 records, which meant that deliveries were delayed to medical providers.
  • Bupa
    • In 2017, thanks to an in-house customer relationship management system, an employee copied information, deleted it from the database, and then tried to sell it on the Dark Web.
    • The breach affected 547,000 customers and in 2018, after an investigation by the ICO, Bupa was fined £175,000.
  • Tesla
    • In September 2020, a Nevada court charged Russian national Egor Igorevich Kriuchkov with conspiracy to intentionally cause damage to a protected computer. Kruichkov attempted to recruit an employee of Tesla’s Nevada Gigafactory. Kriochkov and his associates reportedly offered a Tesla employee $1 million, to transmit malware onto Tesla’s network via email or USB drive to exfiltrate data from the network.
  • Abnormal Security
    • In 2021 employees received messages encouraging them to deploy ransomware offering a reward of $1 million in crypto.

Strategies to Prevent Insider Attacks

There are many different ways that you can prepare yourself and your teams to prevent insider attacks. Firstly, you need to be aware that insider attacks occur when either people don’t have enough information about how they happen, or they have too much knowledge coupled with access to perform one themselves. Being able to better train your teams to see the risks is essential. 

From possible negligence to carelessness, good training will help mitigate many of the common issues that can happen within an organisation. From simple solutions, to running daily virus checks, to being secure in understanding what a ransomware attack can look like, and how emails can look harmless but cause potential threats. 

In order to better train your teams, you need a threat mitigation program. This is the process of developing options and actions to enhance opportunities, and reduce threats to project objectives. 

One simple solution can be to limit network access and robustly monitor activity. Who requires access to parts of the organisation and who doesn’t? What information is essential and what information isn’t? 

Be vigilant – look out for early warning indicators such as:

  • Out of hours remote access
  • Unusual network activity
  • Unexplained access to large volumes of data
  • Staff accounts being accessed whilst on holiday

You should continuously test and validate existing cybersecurity tools and processes. Bring in third parties to test the system, and go through different testing priorities to see what matters and what doesn’t when it comes to your cybersecurity. 


Insider threat is the threat that an insider will use his or her authorised access, wittingly or unwittingly, to do harm to the company’s/departments mission, resources, personnel, facilities, information, equipment, networks, or systems.  The impact and cost of insider cybersecurity attacks can be considerable, with an estimated $6 trillion dollars in damages to business around the world. 

If you’re looking to protect your organisation or evaluate your cybersecurity requirements or challenges. Call 01252 917000, email or get in touch with us via our contact form

Get in touch with BlueFort