Cyber Security LR

The document analyzes insider threats in cybersecurity, categorizing them into malicious, negligent, and accidental actions, each posing unique risks to organizations. It discusses real-life incidents, such as Edward Snowden's data leak and Microsoft's credential exposure, highlighting their technical and non-technical impacts. The review emphasizes the need for a combination of technical solutions and behavioral strategies to effectively mitigate these threats and protect organizational integrity.


ICT404 Cyber Security Principles

Assessment 2

Insider Threats in Cybersecurity: A Comparative Analysis of Malicious, Negligent, and Accidental Human Actions

Table of Contents

Introduction
Insider Threats
Real-Life Scenarios and their Impacts
    Edward Snowden’s Data Exfiltration at NSA
    Microsoft Azure Credentials Leaked on GitHub
    Wells Fargo’s Data Misdelivery Incident
Challenges and Mitigation Strategies
Conclusion
References

Introduction
Insider threats remain among the most severe and difficult problems in cybersecurity because they
touch every aspect of an organization’s security. Unlike external attackers, insiders such as
employees and contractors already hold legitimate access to the organization’s systems and data.
They are commonly grouped into three types: malicious insiders, negligent insiders, and accidental
insiders, each with different motives and behaviours that endanger the confidentiality, integrity
and availability of an organization’s data and systems. This literature review explores the nature
of these threats, analyses real cases and their effects, and sets out detailed mitigation strategies.
Throughout, technical controls are paired with behavioural measures to give a balanced view of how
organizations can strengthen their defences against threats that originate from within.

Insider Threats

Figure 1: Malicious Insider Attack. Source: (d’Aliberti et al., 2024)

Malicious Intent: Malicious insiders act out of personal, vengeful, financial, political or
ideological motives and deliberately use the access they have been granted to harm the organization.
Much of this activity takes place at a high privilege level: the insider exercises more privilege
than the role requires, or escalates to obtain further permissions, which can lead to leakage of
data or destruction of systems. Typical techniques include planting backdoors, stealing sensitive
information over encrypted channels so that content inspection cannot see it, and installing logic
bombs that trigger once specific conditions are met. The result is loss of data integrity and
confidentiality, follow-on access to sensitive systems and networks, and disruption for both
technical and non-technical users that can lead to reputational, financial and legal damage
(Liu et al., 2018).

Negligent Actions: Negligent actions stem from carelessness or lack of knowledge. Insiders expose
the organization to risk by using weak passwords, failing to apply essential security updates, or
transmitting data over insecure connections, which gives attackers easy openings, phishing being
the most common example. For technical teams the consequences are added scrutiny and time spent
on monitoring and recovery; for non-technical stakeholders, compliance obligations are violated,
fines may be incurred, and trust is damaged by the perception that the organization is apathetic
about security (Saxena et al., 2020).

Accidental Incidents: Accidental events occur when insiders create security risks without
realizing it, for instance by misconfiguring settings, sending data to the wrong recipients, or
losing devices that hold sensitive information (Neto et al., 2021). They are often the product of
confusing interfaces or complicated systems, and they result in data leakage, network compromise
and weaknesses that outsiders can exploit. From the non-technical perspective, such events demand
extensive public relations management and remediation to protect customers’ information, further
damaging the organization’s credibility and stakeholders’ confidence (Saxena et al., 2020).

Real-Life Scenarios and their Impacts

Edward Snowden’s Data Exfiltration at NSA

Edward Snowden was a contractor working as a system administrator on the NSA’s internal networks
and used that position to exfiltrate classified documents. His administrative access let him reach
restricted material, copy large numbers of files and avoid detection by the security controls in
place. The copying was carried out incrementally over a period of months in a manner that did not
trip conventional Intrusion Detection Systems (IDS). The leaked material disclosed global
surveillance programmes that were later published by media outlets such as The Guardian and The
Washington Post (Jacob et al., 2015).

Cost and Impact:

In technical terms, the exfiltration exposed details of cryptographic capabilities and operational
intelligence procedures and weakened the security posture of United States intelligence agencies
and their partners worldwide. The cost of the containment measures, including system upgrades,
reconfiguration of monitoring tools and diplomatic efforts, has been put at approximately
$1.5 billion. From a non-technical view, the disclosures triggered diplomatic crises and a loss of
public confidence in state surveillance. They also pushed the NSA to move toward a Zero Trust
Architecture and to strengthen its insider threat monitoring (Jacob et al., 2015).

Microsoft Azure Credentials Leaked on GitHub

In 2022, Microsoft employees exposed credentials, including API keys and access tokens for Azure
infrastructure, in repositories on GitHub. The root cause was poor version-control hygiene combined
with the absence of automated secret scanning in the Continuous Integration/Continuous Deployment
(CI/CD) pipeline, so committed secrets were not caught before they became public. Although the
exposed credentials were rotated shortly after discovery, the episode exemplifies the
vulnerabilities created by improper credential handling (Feng et al., 2022).
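As an added example (not code from the page, from Microsoft or from Feng et al.), the following Python script is the kind of automated check whose absence the paragraph describes: a secret scanner that a CI step or pre-commit hook runs over changed files and that fails the build when a credential is found. The detection rules are written for this example and approximate the public shape of Azure Storage account keys, Entra ID client secret assignments and GitHub tokens; the repository contents and every key and token in them are constructed and fake.

```python
import math
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    min_entropy: float = 0.0  # bits per character; 0 disables the entropy filter


# Detection rules written for this example. They approximate the public shape
# of each credential type; they are not taken from any vendor's scanner.
RULES: List[Rule] = [
    # Azure Storage connection strings carry the 88-character base64 key inline.
    Rule("azure_storage_account_key",
         re.compile(r"AccountKey=(?P<secret>[A-Za-z0-9+/]{86}==)")),
    # Entra ID / Azure AD client secrets are opaque, so key off the variable name.
    Rule("azure_client_secret_assignment",
         re.compile(r"(?i)(?:AZURE_CLIENT_SECRET|client_secret)\s*[=:]\s*"
                    r"['\"](?P<secret>[^'\"\s]{20,})['\"]")),
    # GitHub tokens have fixed prefixes (ghp_, gho_, ghu_, ghs_, ghr_).
    Rule("github_token",
         re.compile(r"\b(?P<secret>gh[pousr]_[A-Za-z0-9]{36,})\b")),
    # Generic password assignment; the entropy floor skips obvious placeholders.
    Rule("generic_password_assignment",
         re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*"
                    r"['\"](?P<secret>[^'\"\s]{8,})['\"]"),
         min_entropy=3.0),
]


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    redacted: str


def shannon_entropy(value: str) -> float:
    """Bits per character: placeholders like 'changeme' score low, real keys score high."""
    if not value:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Show only a short prefix so the finding itself is not a second leak."""
    return secret[:4] + "*" * 8


def scan_text(path: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule in RULES:
            for match in rule.pattern.finditer(line):
                secret = match.group("secret")
                if shannon_entropy(secret) < rule.min_entropy:
                    continue
                findings.append(Finding(path, line_no, rule.name, redact(secret)))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """files maps a repository path to its contents (in CI this would be the diff)."""
    findings: List[Finding] = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def ci_gate(files: Dict[str, str]) -> int:
    """Exit code for a pipeline step: 1 fails the build when any secret is found."""
    findings = scan_files(files)
    for f in findings:
        print(f"{f.path}:{f.line_no}: {f.rule} ({f.redacted})")
    return 1 if findings else 0


# Constructed sample repository content; the key, token and secret are fake.
FAKE_KEY = ("abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789+/" "abcdefghijklmnopqrstuv" "==")
SAMPLE_FILES: Dict[str, str] = {
    "deploy/appsettings.json": (
        '{\n  "Storage": "DefaultEndpointsProtocol=https;AccountName=acme;'
        f'AccountKey={FAKE_KEY};EndpointSuffix=core.windows.net"\n}}\n'
    ),
    ".github/workflows/release.yml":
        "env:\n  TOKEN: ghp_0123456789abcdefghijklmnopqrstuvwxyz\n",
    "config/dev.py":
        "password = 'changeme'\n"
        "AZURE_CLIENT_SECRET = 'Q~8vP2xr.Lz9mTw4hK1nB6cD3fG7jS0aY5uE'\n",
    "README.md": "Set AZURE_CLIENT_SECRET in your environment; never commit it.\n",
}

if __name__ == "__main__":
    raise SystemExit(ci_gate(SAMPLE_FILES))
```

Run on the constructed repository, the gate reports three findings (the storage key, the workflow token and the client secret) and exits non-zero; the placeholder `changeme` is skipped by the entropy floor, and the README mention of the variable name produces nothing because no value is assigned. Rotating a leaked credential, as Microsoft did, remains necessary even when the scanner catches it, since anything pushed to a public remote must be assumed copied.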

Cost and Impact:

Microsoft avoided an immediate breach but still incurred incident response costs to rotate the
exposed credentials, assess whether they had been used, and confirm that no systems had been
accessed. Had the credentials been abused to reach Azure systems holding personal data, the company
could have faced substantial fines under the General Data Protection Regulation (GDPR) or the
California Consumer Privacy Act (CCPA). The disclosure was also embarrassing, and clients and
stakeholders questioned the company’s internal security practices (Feng et al., 2022).

Wells Fargo’s Data Misdelivery Incident

Wells Fargo’s data breach occurred when an employee of the bank sent customers’ financial
information to the wrong recipient, an ex-employee’s personal email address. The leak was the
result of manual data handling in which a human mistake went unchecked. Such breaches reveal the
dangers of unmanaged data dissemination and the need for stronger controls through Data Loss
Prevention (DLP) (Neto et al., 2021).

Cost and Impact:

From a technical perspective, the misdelivery exposed customers to identity theft and fraud. Wells
Fargo had to spend on containing the incident, notifying the affected customers and dealing with
regulatory fines. Non-technical consequences included loss of customer trust and subsequent legal
action. The global average annual cost of insider threats has been estimated at $8.76 million,
reflecting the continuing disruption and reputational loss faced by organizations such as Wells
Fargo (Neto et al., 2021).

Challenges and Mitigation Strategies


Malicious Actions: The challenge is to detect and respond when an insider misuses legitimately
granted authority. User and Entity Behavior Analytics (UEBA) platforms such as Exabeam or Splunk,
which apply machine learning to establish a baseline of normal usage for each user and flag
deviations from it, are critical here (Artioli et al., 2024). Network segmentation implemented with
Software-Defined Networking (SDN) divides the network into zones with appropriate access filters
between them, and traffic crossing zone boundaries is monitored for transfers of data that should
not leave its zone (Saxena et al., 2020).
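Both the Snowden case above, in which incremental copying over months stayed under the IDS threshold, and the UEBA approach described in this paragraph come down to comparing each user's activity with that user's own baseline. The following Python example (added here, not part of the original review or of any product named) shows two detectors run over constructed daily download volumes: a per-day z-score that catches a one-off bulk grab, and a one-sided CUSUM that accumulates small daily excesses and so catches a sustained, modest increase that never produces an abnormal-looking day. The user names, volumes and thresholds are constructed for the example.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# One record per user per day: (user, day index, megabytes downloaded).
# In production these would be aggregated from file-server or proxy logs.
LogRecord = Tuple[str, int, float]


@dataclass(frozen=True)
class Alert:
    user: str
    day: int
    detector: str
    value: float  # z-score for "zscore", CUSUM statistic for "cusum"


def baseline(series: List[float]) -> Tuple[float, float]:
    """Mean and population std-dev of the training window; the floor avoids division by zero."""
    return mean(series), max(pstdev(series), 1.0)


def zscore_detector(user: str, series: List[float], train_days: int,
                    threshold: float = 3.0) -> List[Alert]:
    """Per-day spike detector: fires when a single day is far above the user's norm."""
    mu, sigma = baseline(series[:train_days])
    alerts: List[Alert] = []
    for day in range(train_days, len(series)):
        z = (series[day] - mu) / sigma
        if z > threshold:
            alerts.append(Alert(user, day, "zscore", round(z, 2)))
    return alerts


def cusum_detector(user: str, series: List[float], train_days: int,
                   k_sigma: float = 0.5, h_sigma: float = 5.0) -> List[Alert]:
    """One-sided CUSUM: accumulates daily excess over (mean + slack) so a sustained,
    modest increase is caught even though no single day exceeds a spike threshold."""
    mu, sigma = baseline(series[:train_days])
    slack, limit = k_sigma * sigma, h_sigma * sigma
    s = 0.0
    alerts: List[Alert] = []
    for day in range(train_days, len(series)):
        s = max(0.0, s + (series[day] - mu - slack))
        if s > limit:
            alerts.append(Alert(user, day, "cusum", round(s, 2)))
            s = 0.0  # re-arm after alerting
    return alerts


def run_ueba(logs: List[LogRecord], train_days: int) -> Dict[str, List[Alert]]:
    """Aggregate per user and day, learn the baseline on the first train_days, score the rest."""
    per_user: Dict[str, Dict[int, float]] = {}
    for user, day, mb in logs:
        days = per_user.setdefault(user, {})
        days[day] = days.get(day, 0.0) + mb
    results: Dict[str, List[Alert]] = {}
    for user, by_day in per_user.items():
        series = [by_day[d] for d in sorted(by_day)]
        results[user] = (zscore_detector(user, series, train_days)
                         + cusum_detector(user, series, train_days))
    return results


def _daily_series(user: str, pattern: List[int], post: List[int]) -> List[LogRecord]:
    values = pattern * 3 + post  # 30 training days, then the period under test
    return [(user, day, float(mb)) for day, mb in enumerate(values)]


# Constructed logs. jsmith mirrors the low-and-slow pattern: roughly 50 MB/day for a
# month, then a steady 60 MB/day with no spike. amir is a single-day bulk grab.
SAMPLE_LOGS: List[LogRecord] = (
    _daily_series("jsmith", [44, 56, 50, 47, 53, 41, 59, 50, 46, 54], [60] * 20)
    + _daily_series("amir", [20, 24, 22, 18, 26, 20, 22, 24, 18, 26],
                    [22] * 10 + [200] + [22] * 9)
)

if __name__ == "__main__":
    for user, alerts in run_ueba(SAMPLE_LOGS, train_days=30).items():
        for a in alerts:
            print(f"{user} day {a.day}: {a.detector} = {a.value}")
```

On the constructed data the z-score detector never fires for jsmith (60 MB is under two standard deviations above the 50 MB mean), which is exactly how a months-long incremental exfiltration slips past a per-event threshold; the CUSUM detector raises its first alert on the fourth elevated day and keeps re-arming while the elevation persists. amir's 200 MB day trips both detectors at once. The choice of slack (k) and decision limit (h) sets the trade-off between how small a drift is caught and how many alerts ordinary variation produces.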

Negligent Actions: This risk stems from carelessness or lack of information. Security awareness
training delivered through platforms such as KnowBe4 or PhishMe, which run simulated phishing
campaigns and interactive training, keeps users alert (Saxena et al., 2020). Endpoint Detection and
Response (EDR) tools such as CrowdStrike or SentinelOne provide continuous monitoring and rapid
response to policy violations and suspicious activity, so that a careless action is contained
before it becomes an incident. In addition, Data Loss Prevention (DLP) technologies such as those
from Symantec or McAfee can stop employees from moving sensitive information to networks or
recipients outside the organisation (Hassan et al., 2020).
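The Wells Fargo misdelivery above and the DLP controls named in this paragraph rest on the same rule: sensitive data must not leave the organisation's domains. As an added example that is not part of the original review or of any DLP product, the following Python function evaluates an outbound message against such a rule, using a Luhn checksum so that a real card number is distinguished from an order number of the same length. The domains, addresses and messages are constructed; the card numbers are the standard industry test numbers.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed policy for this example; a real deployment loads these from configuration.
INTERNAL_DOMAINS = {"bank.example"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

# 13-19 digits, optionally separated by spaces or hyphens; Luhn decides whether it is a card.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


@dataclass
class Message:
    sender: str
    recipients: List[str]
    subject: str
    body: str
    attachments: Dict[str, str] = field(default_factory=dict)  # filename -> extracted text


@dataclass
class Decision:
    action: str  # "allow", "warn" or "block"
    reasons: List[str]
    pan_count: int = 0
    ssn_count: int = 0


def luhn_valid(number: str) -> bool:
    """Luhn checksum; a 16-digit order ID of random digits fails it nine times out of ten."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return normalised card numbers (digits only) that pass the Luhn check."""
    pans: List[str] = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def find_ssns(text: str) -> List[str]:
    return SSN_PATTERN.findall(text)


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def evaluate(msg: Message) -> Decision:
    """Outbound DLP rule: sensitive data may not be addressed outside the organisation's domains."""
    texts = [msg.subject, msg.body, *msg.attachments.values()]
    pans = [p for t in texts for p in find_pans(t)]
    ssns = [s for t in texts for s in find_ssns(t)]
    external = [r for r in msg.recipients if domain_of(r) not in INTERNAL_DOMAINS]
    freemail = [r for r in external if domain_of(r) in FREEMAIL_DOMAINS]
    reasons: List[str] = []
    if pans:
        reasons.append(f"{len(pans)} card number(s) passed Luhn check")
    if ssns:
        reasons.append(f"{len(ssns)} SSN-formatted value(s)")
    if (pans or ssns) and external:
        reasons.append(f"sensitive data addressed to external recipient(s): {', '.join(external)}")
        return Decision("block", reasons, len(pans), len(ssns))
    if freemail and msg.attachments:
        reasons.append(f"attachment addressed to personal mailbox: {', '.join(freemail)}")
        return Decision("warn", reasons, len(pans), len(ssns))
    reasons.append("no sensitive data leaving the organisation")
    return Decision("allow", reasons, len(pans), len(ssns))


# Constructed messages. 4111111111111111 is the well-known Visa test number.
SAMPLE_MESSAGES = [
    Message("analyst@bank.example", ["ops@bank.example"], "Chargeback",
            "Card 4111111111111111 disputed by customer."),
    Message("analyst@bank.example", ["former.colleague@gmail.com"], "Client list",
            "Attached as requested.",
            {"clients.csv": "name,card,ssn\nJ Doe,4111 1111 1111 1111,123-45-6789\n"}),
    Message("analyst@bank.example", ["vendor@supplier.example"], "Shipment",
            "Order 1234567890123456 shipped today."),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        d = evaluate(m)
        print(f"{m.subject}: {d.action} ({'; '.join(d.reasons)})")
```

The first message carries a card number but stays inside the bank's domain, so it is allowed; the second, a spreadsheet of card numbers and SSNs addressed to a personal mailbox, is the Wells Fargo pattern and is blocked before it leaves; the third contains a 16-digit order number that fails the Luhn check and is correctly allowed, which is the false positive a naive digit-count rule would raise. Real DLP products add document fingerprinting, OCR and recipient reputation on top of this, but the decision structure is the same.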

Accidental Actions: Accidents arise from mistakes such as misconfiguring a system or mishandling
data. Encrypting data at rest with AES-256 and data in transit with TLS 1.3 ensures that data which
ends up in the wrong place remains unreadable to unauthorized parties. Privileged Access Management
software such as CyberArk or Thycotic vaults administrative credentials, brokers access to sensitive
systems and requires more than one form of authentication, reducing the chance that a single
mistake hands an attacker access. Continuous compliance is best achieved by automating policy
enforcement across devices and applications with tools such as Microsoft Intune or VMware
Workspace ONE, which keep devices and applications in a compliant state, since human error can
introduce misconfigurations and outdated software that lead to a breach (Al-Dulaimi et al., 2024).

Conclusion
In conclusion, the threat that insiders pose is deep and complex, arising from malicious,
negligent and accidental actions alike, each with the potential to compromise an organization’s
assets and reputation. This review underscores the need to combine technical controls with
behavioural approaches if a firm is to build a strong defence against internal threats; no defence
is impenetrable, but layered controls raise the cost of an insider attack and lower its chance of
success. The strategies that help address these risks include behavioural analytics, tighter access
control and regular awareness training. Future work should apply psychological insight to
technological innovation to improve prevention strategies and protect organizational safety,
reliability and integrity.

References

Al-Dulaimi, M. K. H., Al-Dulaimi, A. M., Al-Dulaimi, O. M., Abdulqader, A. F., & Zakharzhevskyi, A. (2024). Threats in cloud computing system and security enhancement. 2024 35th Conference of Open Innovations Association (FRUCT), 82–93.

Artioli, P., Maci, A., & Magrì, A. (2024). A comprehensive investigation of clustering algorithms for User and Entity Behavior Analytics. Frontiers in Big Data, 7, 1375818.

d’Aliberti, L., Gronberg, E., & Kovba, J. (2024). Privacy-enhancing technologies for artificial intelligence-enabled systems. arXiv, abs/2404.03509.

Feng, R., Yan, Z., Peng, S., & Zhang, Y. (2022). Automated detection of password leakage from public GitHub repositories. Proceedings of the 44th International Conference on Software Engineering (ICSE), 175–186.

Hassan, W. U., Bates, A., & Marino, D. (2020). Tactical provenance analysis for endpoint detection and response systems. 2020 IEEE Symposium on Security and Privacy (SP), 1172–1189.

Jacob, A., Aaron, G., Claudio, G., Andy, M.-M., Laura, P., Marcel, R., Leif, R., Hilmar, S., & Michael, S. (2015). NSA Preps America for Future Battle. Der Spiegel.

Liu, L., De Vel, O., Han, Q.-L., Zhang, J., & Xiang, Y. (2018). Detecting and preventing cyber insider threats: A survey. IEEE Communications Surveys & Tutorials, 20(2), 1397–1417.

Neto, N. N., Madnick, S., Paula, A. M. G. D., & Borges, N. M. (2021). Developing a global data breach database and the challenges encountered. ACM Journal of Data and Information Quality, 13(1), 1–33.

Saxena, N., Hayes, E., Bertino, E., Ojo, P., Choo, K.-K. R., & Burnap, P. (2020). Impact and key challenges of insider threats on organizations and critical businesses. Electronics, 9(9), 1460.
