
The financial and legal sectors need to be aware of the updated insider threat

Financial institutions have long been aware of criminals approaching members of staff and trying to get information or access from them.

According to Sisa Infosec, every year, more than 34% of businesses worldwide are affected by insider threats. A survey by Fortinet revealed that fraud (55%), monetary gains (49%), and IP theft (44%) are the top three underlying reasons behind insider threats.

I have heard of employees being approached on the streets of Cambridgeshire when they have finished work, and this being a regular occurrence. But as this was known about and employees were specifically warned and informed of the processes that they could use to report this, and the consequences, the number of employees being swayed was low.

But are the professional sectors aware of the latest way that criminals are approaching staff, and what they are being asked to do?

Did you know they might email staff directly, as in the case that Brian Krebs wrote about on his blog?

Or, as in the case of Lockbit, they might leave the offer behind on the victim's wallpaper once they have carried out a ransomware attack:

“Would you like to earn millions of dollars? Our company acquires access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. Companies pay us the foreclosure for the decryption of files and prevention of data leak.”

The Blackmatter ransomware group advertises for access on cybercrime forums, giving specific details of the type of companies that they are after and promising to buy the access.

What can companies do?

Insider threats are among the most difficult threats to guard against; however, there are some key considerations for companies.

- Make staff aware of the approaches that they might get and how to report them. One of Tesla’s employees was approached with a $1M deal for insider access. They reported it and helped with the investigation, and the criminal, Kriuchkov, was arrested. The ECRC can provide bespoke staff awareness training tailored to what threats your company and employees might face. Contact us now to find out more.

- Implement strong access controls and give people access only to the systems that they really need, rather than to everything. If you were working in a physical location, you might have some areas which were only accessible to staff who worked there, and for anything really valuable, maybe a safe. But you wouldn’t give the safe keys to everyone who worked for you. If you're not sure about access control, take a look at our short videos about it.

- Have internal network logging. This will enable you to see unusual activity, such as emailing 8000 sensitive files outside of the network, which is what happened with General Electric. The NCSC has a free tool to help with this, Logging Made Easy. You can read more about it here.

- Have policies and procedures which cover data control and access. Consider limiting the number of attachments that can be sent out at once, maybe three, and then set up a rule which alerts you if any more than that are sent. This gives you the ability to check that what is being sent is going out for a legitimate reason. Tell your staff that their emails are being monitored and tell them about the policy. If you are not sure whether your policies cover all that should be considered, why not have a policy review with our affordable service?
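The attachment rule described above can be checked against an outbound mail log. The following is an added example, not part of the original article: the log layout, the internal domain `firm.example` and the per-day ceiling are assumptions, and the sample records are constructed. It goes one step beyond the article's per-message limit by also totalling attachments per sender per day, so that a sender who splits files across several messages is still flagged.

```python
import csv
import io
from collections import defaultdict

# Assumptions for this example (not from the article), except the
# per-message limit of three, which is the figure the article suggests.
INTERNAL_DOMAIN = "firm.example"
MAX_ATTACHMENTS_PER_MESSAGE = 3
MAX_ATTACHMENTS_PER_DAY = 10  # assumed daily ceiling per sender

# Constructed sample log: timestamp,sender,recipient,attachment_count
SAMPLE_LOG = """\
2024-03-04T09:12:00,alice@firm.example,client@lawfirm.example,2
2024-03-04T09:40:00,bob@firm.example,carol@firm.example,12
2024-03-04T17:55:00,dave@firm.example,dave.private@webmail.example,9
2024-03-05T08:01:00,erin@firm.example,x@webmail.example,3
2024-03-05T08:03:00,erin@firm.example,x@webmail.example,3
2024-03-05T08:05:00,erin@firm.example,x@webmail.example,3
2024-03-05T08:07:00,erin@firm.example,x@webmail.example,3
"""

def is_external(address):
    """True when the recipient's domain is not the organisation's own."""
    return address.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN

def find_alerts(log_text):
    """Return (rule, sender, when, attachment_count) tuples for review."""
    alerts = []
    daily = defaultdict(int)  # (sender, date) -> attachments sent externally
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # skip blank lines
        ts, sender, recipient, count = row
        if not is_external(recipient):
            continue  # internal mail is outside this rule
        count = int(count)
        if count > MAX_ATTACHMENTS_PER_MESSAGE:
            alerts.append(("per-message", sender, ts, count))
        key = (sender, ts[:10])
        before = daily[key]
        daily[key] += count
        # Alert once, at the message that takes the sender over the ceiling.
        if before <= MAX_ATTACHMENTS_PER_DAY < daily[key]:
            alerts.append(("per-day", sender, ts[:10], daily[key]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Each alert is a prompt for a person to check that the transfer had a legitimate reason, as the policy above describes.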

Further guidance & support

You can contact the Cyber Resilience Centre for guidance and support through our e-mail or use our online booking system to make an appointment with one of our team.

Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

The ECRC is a policing-led, not for profit, membership organisation, with the aim to increase the cyber resilience within small and medium businesses within the East of England (Hertfordshire, Bedfordshire, Cambridgeshire, Norfolk, Suffolk, Essex and Kent).

Policing led - business focussed.

