Insider threat can often be misunderstood. How would you define it? How does your business define it? Defining the threat is important, as otherwise much can be missed. Insider threat can be thought of as having three sources and can be defined, plainly enough, as a threat to an organisation that comes from with its ranks, intentionally or unintentionally. In this blog, we will examine these sources and then see how they can be combatted.
The first cause of insider threat is accidental. Only a year ago it was reported that out of all the security events that had to be resolved, three in ten were purely accidental. Many of these incidents arise when employees, in all innocence, become ensnared in some form of malware. Often, malware will be transmitted by email; the recent WannaCry ransomware attack is a case in point. How can you counteract such accidental incidents? Over our latest series of blog entries, we have discussed cyber security and how business as a whole has held it as a non-essential expense, perhaps something to be dealt with on a minimised budget. Adopting best practices will require proper training and staff instruction, but the value of cyber security means it will not be time wasted.
A common second cause of insider threat is negligence. Negligence can arise post-adoption of best practices when you have instructed staff in cyber security and put protocols in place. It is human nature to try and work around rules, and sadly, cyber security rules will commonly be circumvented in the interests of time-saving. Unauthorised file-sharing to external systems is a frequent cause of concern, and while working from home has many benefits, there are definite security risks that should be confronted. Fighting against such negligence can prove difficult, as you are essentially fighting against human nature itself. You can put together all the security procedures you want, but ultimately you must instil cyber awareness into your staff.
The third root of the insider threat is the most difficult: malicious. When we consider malicious cyber-attacks, we imagine the danger as being from without the organisation. Disturbingly, this is not always the case. Employees, contractors and even those with privileged access may for various reasons target their own nest, so to speak. It could be for dishonest gain, or perhaps for a workplace grievance that was not resolved to their liking. Sensitive data such as customer credit card details has enormous value on the black market, and even if the malicious insider does not seek financial gain in the first instance, such a data breach can cause awful reputational damage. Such reputational harm is surprisingly the main desire of some disgruntled staff members.
Combatting insider threat calls for a deep appreciation from management of the potential harm that could be caused. Armed with such awareness, security protocols must be mindfully put in place. Training must be emphasised, and the entire framework of cyber security should be reviewed, business-wide.
All this effort requires experience, and it may be best to outsource the required expertise; it is not often that businesses will be able to find the needed skills in-house. If you do wish to source professional help, Abilott will be delighted to assist your organisation on an end-to-end, bespoke basis.