The Morgan Stanley Breach: Understanding the Nature of Insider Threats

When an organization is struck by a cyber attack, it’s natural to presume that someone from the outside did it. However, the rising frequency of recent insider jobs, such as last year’s hack of Bitcoin Mt. Gox, a well-known and public brand that represented Bitcoin’s exchange market, and the Amtrak data breach, (where it was revealed that an employee of the passenger rail company had been selling passenger data for two decades) connotes how often they can happen. And when they do happen, they potentially come with very serious implications.

Recently, an in-house financial adviser cum-hacker at investment firm Morgan Stanley was fired after selling the bank’s wealthiest clients’ data online. Galen Marsh, the former financial adviser, managed to swipe the information of 350,000 clients and expose them online on Pastebin. According to reports, the damage was minimal as the company was able to find and expunge the online dump with the data.

What is an insider threat?

It can be difficult to understand the motivation of people who turn out to be insider threats as their reasons vary. Essentially, insider threats can be employees, business associates, contractors, or former employees—people who have inside information or access to an organization—that turn out to be threats to an organization that they are connected to or work for. The threat can be deliberate, or come from negligent behavior cultivated by lack of training or weak policies.

What makes people an insider threat?

The motivation behind an insider attack may differ from money, ideology, coercion, and ego. Employee discontent brought about by layoffs, pay cuts, or non-promotions could also be a reason to lash out by executing an attack or an act of theft. However, there is no real, or singular answer to the question why employees would turn against an organization. Additionally, they could be targeting somebody within the company or practically no one in particular.

What is the extent of the damage an insider threat could cause?

An attack of any nature could always pose some serious problems and further risks. No matter the size of an organization, it still could cause headaches. In a worst case scenario, an attacker would be able to damage to their target network, especially if they are in a position that holds a significant amount of access information and data. In addition, an insider threat could also enable someone else in the company to access the network and cover for them.

Although it's difficult to prevent insider threats from happening, these recent incidents should serve as a good warning that organizations should take the necessary measures to mitigate such attacks. On the technical side, monitoring and logging employee activities can be used to detect potentially malicious behavior. Proper access control must be implemented to ensure that not all employees are able to access information they do not need. On the practical aspect, it is critical to employ good management and security practices to minimize the risk of having a disgruntled employee. Overseeing that the employees’ credentials who leave the organization are disabled is also a must in order to prevent security leaks.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.