There are many reasons that contribute to disgruntled employees in the workplace. However, the process typically begins with an employee feeling overworked, underpaid, unappreciated, or passed up for a promotion. In fact, a job satisfaction survey conducted by The Conference Board Consumer Confidence SurveyŽ, highlights the five components that US workers are least satisfied with. To enumerate, they are:
- promotion policies (25.4 percent)
- bonus plans (25.5 percent)
- educational/job training programs (30.8 percent)
- Â the performance review process (31.2 percent)
- recognition/acknowledgement (34.3 percent)
Disgruntled Employees
According to the 2018 Insider Threat Report, ninety percent of organizations feel vulnerable to insider threats. Disgruntled employees possesses two components needed to cause damage; access and motivation. Additionally, a survey conducted by Deep Secure reports that nearly half (45%) of office employees are willing to sell corporate information to outsiders. Notably, just ÂŁ1,000 would be enough to tempt 25% of the surveyed employees. What information would they be willing to sell? Depending on the employee’s job function, it could include confidential and/or proprietary information. As well as, financial information, and/or high-level administrative privileges to corporate applications.
When issues arise in the workplace, it’s important to realize that this can create an emotionally charged environment. As a result, a productive employee may now become a disgruntled employee. The subsequent risk to the company may be varied and significant. It could include spreading negative comments on social media platforms such as LinkedIn or Facebook. In addition it could include theft of physical and or intellectual property. As well as, deliberately leaking sensitive and or confidential/proprietary information. As a result, companies may experience financial loss, loss of company credibility and potential lawsuits.
In addition to disgruntled employees, itâs important to consider the other insider threat; the ex-employee who maintains access to corporate applications.
The Ex-Employee
According to a survey conducted by OneLogin an alarming 50 percent of ex-employees retain access to corporate applications after their employment has ended. This continued access can become the Achilles heel for the company. If the ex-employee leaves acrimoniously the motivation exists to use that access to orchestrate a crippling attack.
What if the employment is terminated to the satisfaction of both parties? Is there still a risk? There certainly is. An ex-employee can be recruited at a later date by malicious actors offering financial incentives for access. This threat is real. According to OneLogin, 20 percent of the companies surveyed experienced a data breach due to failure to de-provision an employee.
Apples Huge RevealâNot so Much!
Just days before Applesâ huge reveal, a disgruntled employee is believed to be the leak that compromised the anticipated event centered around the iOS 11 GM. According to a September 9, 2017 AppleInsider report, it is suspected that a disgruntled employee revealed proprietary/confidential information regarding new features and hardware of the iOS 11 GM. Â Included in the leak was information on the new LTE Apple Watch, new AirPods revision, âFace IDâ facial recognition details and setup process, a new âanimojiâ feature for Messages, and the apparent marketing names of Appleâs forthcoming iPhone lineup; iPhone8, iPhone 8Plus and iPhone X.
Morrisons Supermarket Payroll Leak
In 2014, Andrew Skelton, a senior IT auditor employed by Morrisons Supermarket PLC, deliberately leaked the payroll information of approximately 100,000 current and former Morrisons’ employees to a file sharing website and to three English newspapers. The motivation? The IT auditor held a grudge against Morrisons due to an earlier internal disciplinary matter. Morrisons continues to experience the damaging consequences caused by this disgruntled employee. Over 5,000 current and former Morrisons’ employees filed a class action suit against the company for damages incurred from the information leak.
In December, 2017, Englandâs High Court of Justice Queens Bench Division ruled that Morrisons was vicariously liable for the actions of the disgruntled employee. Morrisons is appealing the courtâs decision.
Georgia-Pacific Mill Hack
IT specialist and systems administrator, Brian P. Johnson, will be spending the next 34 months in federal prison and will have to pay $1,134,828 in damages for hacking his former employer, Georgia Pacific. Mr. Johnson was terminated from his employment on February 14, 2014 and escorted off the George-Pacificâs Hudson Mill premises. Despite his termination, his access to corporate applications remained in place. Mr. Johnson was found to have an open virtual private network connection to the Georgia-Pacific Millâs network. With this connection, Mr. Johnson intentionally transmitted harmful code and commands to the system, in some instances bringing the mills production to a stand-still.
FBI agents assigned to the case concluded that Mr. Johnson intentionally sabotaged his former employer as payback. In February 2016, Mr. Johnson plead guilty to his crimes.
What You Can Do
Youâve probably heard the saying that âknowledge is powerâ. All employees require a certain amount of knowledge to empower them to do their work. However, here are a few questions to think about:
- How much âpowerâ do your employees have based on the access or âknowledgeâ of corporate applications they possess?
- Do they need the access they have to do their job?
- Are policies and guidelines in place to recognize the signs of a disgruntled employee, as well as, how to manage the situation?
- Is a policy in place to ensure access to corporate applications cease when employment ends?
This article by the CERT Division of the Software Engineering Institute (SEI) provides a list of 19 best practices that can help mitigate the risk of IP theft, IT sabotage, and fraud that may exist due to a disgruntled or ex-employee.

CERT Insider Threat Best Practices
In addition, check out our blog, Insider ThreatsâRecognize and Respond to the Threat Within, here.