
Identifying insider threat

Oilfield Technology,

In a recent report, EY highlights that the oil and gas industry continues to experience data loss, market share impact and loss of competitive advantage despite investment in IT technologies and transformation in defence against targeted attacks.

According to EY, the reason for this is insider threats. Insider threats arguably pose one of the largest security risks to organisations. However, they have not been a priority for IT security professionals for two key reasons:

  • The implementation of processes to monitor against insider threats can cause friction between management and employees, especially in companies that have a work culture promoting trust and value in employees. In turn, companies and management can find it difficult to implement the processes and changes successfully.
  • Many IT security strategies are focused more on keeping the company’s name out of the press than on identifying the most relevant and impactful risks to the organisation. Lack of understanding and external pressures on the business have impacted companies’ ability to detect and respond to insider threats.

With employees becoming more IT literate and companies linking their IT and operational technology (OT) infrastructure, the risk of reputational or collateral damage from insider threats is growing.

Defining the threat

Insider threats can pose a risk to an organisation in a number of ways:

  • Malicious or inappropriate use of authorized credentials: This can occur since the authorized user is most likely aware of the organisation’s security controls and the value of the data to which the user has access.
  • The authorized user may not be an employee of the organisation: As companies often have varying access management processes around contractors or other third party personnel, there are fewer controls around maintaining and verifying accurate access.
  • Insider threats can appear in numerous forms: This could include a disgruntled employee, a consultant/contractor looking for intellectual property that they could sell to competitors, or compromised credentials which can pose as legitimate accounts.
  • Inappropriate use of access: This could include an authorized user, such as an employee or a contractor, who has inappropriately used their access (e.g. an HR employee who emails employee records to their home email address to work on later); an authorized user without malicious intent who is trying either to escalate their privileges or to misuse access they currently have (e.g. a sales rep who is planning on leaving and tries to do a mass download of all customer data to use at their next job); or an unauthorized user masquerading as an authorized user (e.g. hackers will often take control of an authorized user ID and navigate the environment using a real credential).

Adapted from a report by Emma McAleavey.
