How to Spot the 6 Archetypes of Insider Exfiltration


The key to stopping insider exfiltration is recognizing the threat and learning to identify the individuals most likely to steal sensitive data. Knowing which personae to watch for could help an organization avoid a costly breach.

Published in: Software

  1. How to Spot the Six Archetypes of Insider Exfiltration
     The key to stopping insider exfiltration is recognizing the threat and learning to identify the individuals most likely to steal sensitive data. Knowing which personae to watch for could help an organization avoid a costly breach.

  2. The Ship Jumper is looking for or just accepted a new job.
     WARNING SIGNS: Frequent absences, unexplained disappearances or unexpected medical appointments can be signs of a Ship Jumper. Workers who have accepted a new job are the most likely to give data to a competitor, especially in positions such as sales, product development, and business intelligence.
     BEHAVIORAL CLUES:
       • Dissatisfaction with current position
       • Negative attitude
       • Talks trash about goings on at the company

  3. The Unhappy Camper may have received a poor performance review, been passed over for promotion or been placed on a performance improvement plan.
     WARNING SIGNS: Employee may be consistently out sick the day after receiving news of poor performance or reprimand. He or she keeps score and may show a propensity toward revenge or vindictive behavior.
     BEHAVIORAL CLUES:
       • Negative affect
       • “Out-to-get-me” attitude
       • Quick to point the finger, blames others
       • Poisons the well

  4. The Spendthrift is experiencing acute or chronic financial problems.
     WARNING SIGNS: Employee talks excessively about money and how much things cost in a negative light. He or she always seems to be in a financial jam, may get calls from collection agencies at work or talk about taking on a second job to increase cash flow.
     BEHAVIORAL CLUES:
       • Admission of financial problems
       • Talking about needing to find a new source of income
       • Lifestyle doesn’t match income level
       • Borrowing money from coworkers

  5. The Angler is always working schemes to exploit perceived weaknesses or vulnerabilities in people and systems.
     WARNING SIGNS: The Angler is often a fast talker who brags about working or gaming the system at work and/or in his or her personal life. He or she has no qualms with breaking the rules or cutting corners if it means getting ahead.
     BEHAVIORAL CLUES:
       • Inappropriately charming, fast-talker
       • Tendency of taking things a little too far
       • Willing to break the rules to get ahead
       • Always on the lookout for a new angle

  6. The Uploader saves all of their work to a personal cloud software account, regardless of company policy.
     WARNING SIGNS: Whether deliberate or unintentional, the Uploader saves everything to a personal cloud account. He or she refuses to use network drives or company-sanctioned cloud stores.
     BEHAVIORAL CLUES:
       • Lacks trust in corporate systems and software
       • Virtually no files saved to computer or personal network files
       • May be hesitant to share his or her work

  7. The Ex was romantically involved with a coworker and recently experienced a breakup or an existing relationship is on the rocks.
     WARNING SIGNS: The Ex constantly obsesses about a coworker he or she used to date. He or she may attempt to access business accounts or personal files of the former partner, often triggering multiple failed password attempts as a result.
     BEHAVIORAL CLUES:
       • Stalker-like behavior
       • Propensity toward revenge or vindictive behavior
       • Comments like “they’ll be sorry”

  8. Red Flags
       • Exporting abnormally large amounts of contact data out of CRM or other databases.
       • Sudden interest in the company’s network and databases outside the scope of official job role.
       • Failed password attempts.
       • Attempts to access other employee accounts.
       • Sudden increase in free space on employee’s computer.
       • Deleting large numbers of files or emails.
       • Changing computer configurations.
       • Repeated attempts to access privileged folders on the Intranet or shared drive.
       • Sudden appearance of external drives to back up data.
       • Sudden change in behavior around taking a laptop home at night.
       • Installation of unsanctioned sync and share software like Box, Google Drive, or Dropbox.

  9. Mitigate the Risk
       • Implement endpoint backup to monitor the movement of data on the endpoint.
       • Monitor access to secured databases and software.
       • Follow up with employees who repeatedly attempt to access secured resources.
       • Remind employees that resign of the non-compete and non-disclosure agreements they signed when they were hired.
       • Connect the ability to receive severance to the promise not to steal or use IP or other company data.
       • Follow through when a breach occurs.
       • Foster communication between Human Resources, IT and the employee’s supervisor to monitor possible bad actors.

  10. User behavior is a business blind spot. We see what you can’t.
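
Several of the red flags on slide 8 can be checked automatically from endpoint and access logs. As an added example (not part of the original slides), the Python below flags three of them: a CRM export far above the user's own baseline, repeated failed logins against another employee's account, and installation of one of the sync tools the slide names. The event schema, thresholds, user names and sample events are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Sync tools the slide names as unsanctioned examples.
UNSANCTIONED_SYNC = {"box", "google drive", "dropbox"}

# Constructed sample events; schema and field names are assumptions.
# "user" is the person whose workstation or session produced the event.
EVENTS = (
    [{"day": d, "user": "alice", "type": "crm_export", "rows": r}
     for d, r in [(1, 120), (2, 90), (3, 150), (4, 110), (5, 48000)]]
    + [{"day": 5, "user": "alice", "type": "software_install", "name": "Dropbox"}]
    + [{"day": 2, "user": "bob", "type": "login_failed", "account": "carol"}] * 3
    + [{"day": 2, "user": "bob", "type": "login_failed", "account": "bob"}]
    + [{"day": d, "user": "carol", "type": "crm_export", "rows": r}
       for d, r in [(1, 200), (2, 5000)]]
    + [{"day": 3, "user": "carol", "type": "software_install", "name": "7-Zip"}]
    + [{"day": 4, "user": "dave", "type": "login_failed", "account": "erin"}] * 2
)

def red_flags(events, export_factor=10, min_history=3, failed_threshold=3):
    """Return {user: sorted flag names} for three of the slide's red flags."""
    flags = defaultdict(set)
    baseline = defaultdict(list)   # user -> row counts of earlier normal exports
    failed = defaultdict(int)      # (user, other account) -> failed attempts
    for e in sorted(events, key=lambda e: e["day"]):
        user = e["user"]
        if e["type"] == "crm_export":
            hist = baseline[user]
            # "Abnormally large" = far above this user's own median export.
            if len(hist) >= min_history and e["rows"] > export_factor * median(hist):
                flags[user].add("large_crm_export")
            else:
                hist.append(e["rows"])  # flagged exports never raise the baseline
        elif e["type"] == "login_failed" and e["account"] != user:
            failed[(user, e["account"])] += 1
            if failed[(user, e["account"])] >= failed_threshold:
                flags[user].add("other_account_access_attempts")
        elif e["type"] == "software_install" and e["name"].lower() in UNSANCTIONED_SYNC:
            flags[user].add("unsanctioned_sync_install")
    return {u: sorted(f) for u, f in flags.items()}

if __name__ == "__main__":
    for user, found in sorted(red_flags(EVENTS).items()):
        print(user, found)
```

Users with too little export history (carol) or too few failed attempts (dave) are not flagged, which keeps the output to cases worth the HR and IT follow-up described on slide 9.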