Meet Ai3, the DTEX Risk Assistant. Fast-track effective insider risk management with guided investigations.



A Human-centric Approach to Operational Awareness and Risk Management.

Stories from the Field: The Scare Factor Continues to Grow for Super Malicious Insiders

employee stress and insider threats blog post

Over the last few years, executive teams and board members have become increasingly aware of the risk malicious insiders pose to an organization. With a potential economic downturn driving significant layoffs at technology companies, it has never been more important for leaders to understand the impact malicious insiders can have on an enterprise’s security posture.

Departing employees (voluntary or not) present real and ongoing risks for organizations in today’s hybrid world. Often the individuals planning to leave an organization aren’t pleased with their existing work environment and disgruntled employees usually carry a chip on their shoulder due to the organization’s inability to alleviate any of their concerns. These feelings escalate even more when it comes to unexpected layoffs and can be a powerful driver of insider threats, leading to the exfiltration of sensitive information.

The continued rise of the Super Malicious Insider presents a very real and scary risk for enterprises in 2023. Because these individuals’ technical proficiency and acute awareness of the organization’s existing cyber security architecture, solutions, and processes surpass the capabilities of your average malicious insider, they are better able to evade detection.

Let’s take a look at some of the scariest real-world examples of the super malicious threats the team has uncovered:

Ghost Employee Accounts
An individual maintained access to corporate systems and data after leaving their organization by proactively creating another account prior to leaving. This was done because the individual suspected that the business would keep a closer eye on the activity of employees leaving the business for suspicious data loss or risky behaviors. This persistent access was then used to steal customer data and sabotage the company’s operational pipeline by modifying purchase orders months after the individual was let go.

The Disgruntled Employee
As a result of perceived unfair treatment, an employee decided to steal their supervisor’s personal details (email, phone number, etc.) and leveraged the information to sign into various spam sites. This resulted in the employer and their loved ones experiencing ongoing harassment, significantly disrupting their day-to-day lives. Ultimately, the incident forced the family to change all of their personal information.

The Social Engineering Scare
Another incident identified by the DTEX i³ team involved a disgruntled employee who socially engineered another employee to steal hundreds of thousands of customer records. In this example, the existing Identity and Access Management security solution had been correctly configured to allow only authenticated access, but an authorized download followed by a shared link using a company-approved file-sharing utility was all that was needed to gain unauthorized access. Once the malicious employee gained access to the records, they archived the information and saved it to the draft’s folder of a personal webmail account for easy access and exfiltration. After the malicious insider secured a position at a new company, they sold the information on the dark web.

Super malicious insider threats can be detrimental to enterprises as these incidents can directly impact employees’ livelihoods by diminishing the organization’s brand and/or causing irreparable damage to an individual’s reputation. These examples should serve as a wake-up call to security leaders that traditional DLP, UBA, and UAM tools aren’t sufficiently mitigating malicious insider threats.

To learn more about the top insider risk concerns for enterprises in 2023 and how the DTEX Workforce Cyber Intelligence and Security platform can help protect your organization, visit