nettobegroupThe Uncomfortable Truth About Insider Risk
We spend millions on firewalls, intrusion detection systems, and threat intelligence platforms. We train our teams to spot phishing emails and suspicious links. Yet some of the most damaging security breaches don’t come from sophisticated hackers halfway across the world, they come from the inside, often without malicious intent.
As a support engineer, I’ve seen how insider risk unfolds in real organisations. The most dangerous vulnerabilities aren’t always in our code or infrastructure. They’re in our processes, our assumptions, and our reluctance to acknowledge uncomfortable truths about trust.
The Ghost in the System
Let me tell you about a pattern I’ve seen too many times. An employee leaves the company, maybe they resign, maybe they’re let go. HR processes the paperwork. The manager holds an exit interview. Everyone checks their boxes.
And weeks later, that person’s account is still active.
How can we simply forget to turn off the lights when someone walks out the door? Yet it happens with alarming regularity.
I’ve seen former employees retain access to customer databases, financial systems, and internal communications for days, weeks, sometimes months after departure. Not because they’re exploiting some sophisticated backdoor, but because the offboarding process broke down somewhere between IT, HR, and management.
The risk isn’t always malicious. Sometimes it’s just embarrassing an ex-employee accidentally joins a video call. But sometimes it’s catastrophic. A disgruntled former employee with lingering access can exfiltrate data or sabotage systems. Even without ill intent, their account becomes an entry point if credentials are compromised.
We’re often more vigilant about external threats than properly closing the door behind people we once trusted.
The Shared Secret That Everyone Knows
During a recent security review, our trainees Raiddah and Karishma noticed something while observing support ticket patterns. They saw multiple instances where issues couldn’t be resolved because it was unclear who had actually performed certain actions in the system.
The culprit? Password sharing.
“I just need to check this one thing can I use your login?”
It seems harmless. A colleague needs access for an urgent task. Their account doesn’t have the right permissions. So they borrow someone else’s credentials. Just this once.
Except it’s never just once.
Password sharing creates what I call “accountability fog.” When multiple people use the same credentials, every action becomes ambiguous. Did Sarah actually make that configuration change, or was it Mark using Sarah’s login? Who approved that transaction? Who downloaded that file?
This pattern reveals how password sharing doesn’t just violate security policy. it fundamentally undermines the purpose of individual accounts. We implement user-based access controls to create clear audit trails. When credentials are shared, those safeguards evaporate.
What makes this particularly insidious is the social dynamic. Password sharing often happens because people are trying to help each other. It’s a workaround born from good intentions meeting a deadline, unblocking a colleague, getting work done. The security risk feels theoretical; the immediate need feels real.
But every shared password is a crack in your security foundation. And like any crack, they tend to spread.
Trust, But Verify
Insider risk isn’t primarily a technology problem. It’s a process and culture problem that technology alone cannot solve.
The ex-employee access issue stems from fragmented offboarding. There’s often no single source of truth for employee status, and no automated trigger that disables access across all systems when someone leaves. IT doesn’t get notified promptly. Different systems have different administrators. Cloud services get overlooked.
The password sharing issue stems from friction in legitimate access. When getting proper credentials takes days but borrowing someone’s login takes seconds, people take the path of least resistance.
Both issues share a common thread: we trust that good intentions will prevent bad outcomes. We trust that managers will notify IT. We trust that colleagues will only share passwords when “absolutely necessary.”
That trust isn’t misplaced regarding intentions. Most people are trying to do the right thing. But intention isn’t enough when systems don’t support secure behaviour by default.
What This Means for Your Organisation
If you’re reading this and thinking “that would never happen here,” I’d encourage you to audit your last ten employee departures. Check whether every account was disabled within 24 hours across every system. Review your authentication logs for patterns that might indicate shared credentials.
The patterns observed in our support work point to a fundamental truth: insider risk often hides in plain sight. It’s not the sophisticated threat that keeps security teams up at night. It’s the mundane process failure, the convenient workaround, the thing everyone knows about but assumes someone else is handling.
Security isn’t just about defending against adversaries. It’s about building systems and processes that make secure behavior the easy default, and insecure behavior inconvenient enough that it doesn’t become normalized.
The uncomfortable truth about insider risk is that we often create it ourselves not through malice, but through inattention, process gaps, and misplaced trust in good intentions over good controls.
Moving Forward
Understanding these patterns is the first step. As organizations mature their security postures, the focus must expand beyond perimeter defense to include the human elements of access management. That means automated offboarding, streamlined provisioning, and systems designed assuming workarounds will be attempted.
Your insider risk isn’t just about who might intentionally cause harm. It’s about all the small ways that trust without verification creates opportunity for compromise both accidental and deliberate.
And that’s a truth we can’t afford to keep ignoring.
