Cracking open insider threats
Leaders need to perform strict identity measures on would-be hires – and ensure employees who leave have access promptly removed


Cybersecurity teams face a constant battle of ensuring their company is shored up in the right places. Facing down increasingly sophisticated and persistent threat actors, there’s every reason to focus on one’s perimeter to shield oneself against external threats.
But insider threats – attacks carried out from within an organization’s environment – must also be part of any business’s security strategy. When the call is coming from inside the house, either via a hacker who’s secretly gained access or in the form of a disgruntled employee, security teams need to be ready to clamp down hard.
In this episode, Jane and Rory welcome back Ross Kelly, ITPro’s news and analysis editor, to discuss the scale of these insider threats.
Highlights
“If someone's been dismissed, or if someone's leaving on bad terms, it should certainly be, you know, front of mind for any IT administrator make sure that they do not still have access to the crown jewels.”
“The level of sophistication here is quite impressive. It also points towards a growing level of technical proficiency among threat actors here, they're able to get into these companies as employees and then essentially wreak havoc. ”
“With AI and the deepfake question there, it has accelerated significantly over the last two years. Whereas when you look at, say, the ransomware situation and the fight against that from people on the front lines in the information security space, that's been a far more long-running campaign.”
Footnotes
- Why you should always be wary of insider threats
- North Korean insider attacks are skyrocketing – dozens of US firms didn't spot the hacker in their midst
- Cyber firm KnowBe4 unknowingly hired a North Korean hacker – and it went exactly as you might think
- Should your business worry about North Korean cyber attacks?
- State-sponsored cyber attacks: The new frontier
- The Verizon data breach that exposed 63,000 employees is a reminder of how a simple mistake can have costly implications
- Preventing deepfake attacks: How businesses can stay protected
- How Intel's FakeCatcher hopes to eradicate real-time deepfakes
- AI threats: The importance of a concrete strategy in fighting novel attacks
- Why I think the Scarlett Johansson OpenAI scandal shows the danger of AI-generated voice content
Subscribe
- Subscribe to The IT Pro Podcast on Apple Podcasts
- Subscribe to The IT Pro Podcast on Spotify
- Subscribe to the IT Pro newsletter
- Join us on LinkedIn
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
The new era of cyber threats
ITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
By Rory Bathgate Published
-
Supply chain scares and Google’s AI code
ITPro Podcast As the ransomware attack on Blue Yonder disrupts a wide range of firms, Google moves to lead by example on internal AI code
By Rory Bathgate Published
-
Halloween special: Cybersecurity horror stories
Podcast Join us for three terrifying tales sure to chill any IT professional to the core
By Jane McCallion Published
-
Securing your business with education and training
ITPro Podcast Keeping your workforce updated on the latest threats requires a cohesive cyber skills strategy
By ITPro Published
-
Protecting the public sector from hackers
ITPro Podcast With the public sector facing increasingly sophisticated threat actors, leaders need centralized security plans and better communication
By Rory Bathgate Published
-
How cyber attacks damage mental health
ITPro Podcast As staff struggle to cope in the immediate aftermath of a cyber incident, leaders must do more to foster a culture of support
By Rory Bathgate Published
-
LockBit leader revealed: What it means for ransomware
ITPro Podcast With LockBit's founder having been unveiled publicly and with international law enforcement still digging into detailed attack stats, the group is on high alert
By Rory Bathgate Published
-
March rundown: The return of state-backed hacking campaigns
ITPro Podcast A major attack on the electoral commission raised concerns for the security capabilities of public and private organizations
By Rory Bathgate Published