Few have more access to corporate insider information than treasury staff, the managers of their companies’ finances. This makes the increasingly symbiotic relationship between employees with insider status and the dark web particularly relevant.

Crooked insiders have sought to capitalize on the information they’ve been privy to for ages. But there has often been a trail leading back to the perpetrator of the crime, whether insider trading, the sale of proprietary information, or some other fraud. Today, the dark web reduces that risk, providing a medium where insiders can meet up with criminal enablers anonymously and in secrecy to exchange not only insider information but the best ways to monetize it.

“Organizations face asymmetric and unprecedented risks from insiders — employees and contractors who have valid access to enterprise networks,” says a recent report by Insights and RedOwl, firms respectively specializing in monitoring organizations for potential wrongdoing on the dark web and insider activity.

The dark web is a subsection of the public Internet that requires special software or authorization to access, and the researchers found there is an increasingly symbiotic relationship developing between cyber criminals and insiders looking to benefit the information they’re privy to. Their report, titled “Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web,” states that recruitment of insiders within the dark web is active and growing, and that forum discussions and insider outreach nearly doubled in 2016 compared to the year before.

The report further says that the dark web now serves as a vehicle insiders use to “cash out” on their services through insider trading and payment for stolen credit cards. In addition, sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organization’s perimeter security.” Thus, any insider with access to the internal network, regardless of technical capability or seniority—certainly including treasury employees—presents a risk.

“Insiders sitting within organizations’ finance departments are exposed to especially valuable and sensitive information. In addition, it’s not uncommon to have consultants operating within these functions, which further compounds the risks,” said David Pogemiller, VP of strategy at RedOwl charged with helping customers harness untapped internal data sources to address security and oversight risks.

Mr. Pogemiller noted a Forrester study published last year that found that insider threats led to 39% of data breaches in 2015, while an Intel Security report found that 43% of data exfiltration was perpetuated by internal actors. Meanwhile, according to the RedOwl and Intsights research, 80% of corporate security initiatives focus on perimeter defenses guarding against external threats, and fewer than half of organizations budget for insider threat programs.

The researcher’s note that Verizon’s annual data breach report has found that insiders have been one of the most persistent sources of digital attacks for years, driven by the promise of financial gain and the ease of executing the attack. The dark web adds fuel to the fire, creating a marketplace with ready buyers of the insider information that enable the monetization of insiders’ actions. In addition, sophisticated criminals can easily supply inexperienced insiders with tools and know-how to execute more complicated attacks, and the dark web reduces detection concerns.

So how do companies reduce temptation for insider misbehavior? The researchers say insider threat programs must create, train and enforce corporate security policies while protecting employee privacy, making sure employees and contractors understand the rules—and penalties. Plus, companies must monitor employee behavior across a broad array of channels that identify suspicious employee activity, and, importantly, security teams must seek to understand where there may be negative employee sentiment.

Mr. Pogemiller said employees are less tempted to engage in insider misbehavior when insider threat programs are built on a foundation of a “strong culture that ensures employees are engaged with the overall mission of the company and with protecting the company. That’s one of the biggest levers companies have to mitigate this risk.”