CYBERSECURITY THREATS FROM WITHIN
Clearly, it is prudent to build a fortress against cyber threats from infiltrating the organisation. However, with an insider threat, it is also imperative to be vigilant against vulnerabilities from within.
In today’s relentless cyber threat landscape, any form of vulnerability within business infrastructure risks being exploited very swiftly. More often than not, these vulnerabilities come from within the company. Studies have shown that insiders (personnel who have access to internal systems) are responsible for more than half of all data breaches.
Not all threats are caused by malicious intent. Negligence, misuse and accidental data modifications pose the same security problems to an organisation.
RECOGNISING THE FACE OF INSIDER THREATS
Insider threats may compromise a business through its technological infrastructure. The biggest challenge of insider threats is that they are not a technological issue – they are a human resource problem.
Insider threats come in many forms and can be typically characterised as:
This is by far the most common kind of insider threat. With no malicious intent, when an employee or contractor fails to abide by the company’s security policies out of oversight and carelessness, they become negligent personnel that run the risk of causing significant losses to the business.
RULE BENDER: These individuals are typically aware of security policies but choose to bypass them out of convenience for themselves. These rule benders who use security workarounds may be saving company data to a personal device or cloud, leaving it open to compromise.
MALICIOUS ACTORS: These can come in the form of disgruntled or exiting employees who may be tempted to pursue their vendetta against their employer or an agent that works on behalf of an external party with malicious intent. While they may have different motives, the damage that they incur is equally detrimental.