When an employee becomes a threat

When an employee becomes a threat

Inside perpetrators are increasingly becoming a threat to companies

A month ago, our CEO Robert and our Head of Operations Morgan Alexander were invited speakers at the SOC Summit in Munich. There, they highlighted how hackers are trying to attack companies. In one scenario, Robert and Morgan described the inside perpetrator. The inside perpetrator is usually an employee who wants to harm the company and will do anything to do so. The motivation for this can be for a variety of reasons, including that the employee is leaving the company or that the employee has allowed himself to be corrupted, for example. Last week, t3n published an article which again showed how destructive inside perpetrators become and that their motivation can be of any nature.

The unique selling point

Unlike a black-hat who tries to get hired at a company, the inside perpetrator has been hired at the company. Upon entry, the employee does not yet have a desire or reason to harm the company. This reason arises from professional life: be it a denied promotion, leaving a company or dissatisfaction. Then a valued colleague becomes a threat to the existence of the company, colleagues, image.

What are the goals of internal perpetrators?

The goals are many and varied. As in one of our case studies, inside perpetrators are concerned with weakening their company's position in the market and strengthening their new employer. That means: Inside perpetrators steal data such as customer information, production plans, supply chains in order to cause lasting damage to a company. Because the image will definitely suffer. But can employees also start to ruin the reputation of a company. Here are the most common methods that one writes to customers or partners and tries to discredit the company, but also the writing of bad reviews is the order of the day. Recommendations on sites such as Trustpilot, Facebook, Kununu are for many people decision-making aids for a purchase or an application to a company. The better the ratings, the more applications and purchases a company will be able to generate. In the same way, the goal can also be that an internal perpetrator simply wants to harm the company by exploiting a weakness known to him and thereby bringing unrest into the company. This unrest can be expressed in the fact that the remaining employees do not receive salaries, as described in t3n magazine, or that a company does not get access to the system or important software, and of course, an internal perpetrator can also infect the IT security infrastructure with malware, such as spyware. One can only imagine what serious consequences each individual act can have for a company.


Many inside perpetrators see little or no danger to you in their actions. Either because you felt safe or because you thought you were in the right. As is often the case, however, there is a difference between believing you are in the right and actually being in the right. And the differences are pretty big: in the current case, where a system administrator harmed a major real estate company because he didn't feel heard or granted, a court now found him guilty. The inside perpetrator has been sentenced to seven years in prison. And the sentences in our Case Study may be similar in nature, with hearings still pending there.

Does a company now have to see every employee as a danger? No, of course not. Even if the number of cases of internal offenders is increasing, companies are also offering more and more opportunities to report such internal offenders. After all, such acts rarely go unnoticed. Among other things, companies can implement a whistleblower tool through which employees can report data breaches or theft of data. And, of course, you should regularly train all employees on how to handle data and also sharpen their focus.

Do you need help implementing a whistleblowing tool, would you like to have your employees trained in handling data, or would you like to receive detailed and expert advice on this? Then contact us today, we will be happy to assist you.

Link to t3n article (german): https://t3n.de/news/admin-daten-geloescht-7-jahre-haft-1472999/

Link to the case study: https://qcyberlab.com/en/blog/case-study-automotive.html

Contact us now