Insider Threat: The Real Risk to Your Organization

Category

Cybersecurity Fundamentals


You can also check out our Hive Live workshop: Don’t Lose Your Honey to Insider Threat

Your organization has some incredible things that are most likely very important: proprietary information, other people’s personal information, and even the safety of your colleagues. If you wanted to protect all of it, what would you do?

Think of your organization as a castle.  As your organization grows, you’ll need to keep adding more rooms and towers to protect what’s important to you, but you’ll soon realize you need to keep your enemies away from all your hard work.  So you’ll start building large walls, or even digging a moat, to protect it all.

Back in 2020, these protections looked like the cybersecurity functions provided by firewalls, security awareness training, and cybersecurity audits. However, this ignores one major problem: these defenses are great at keeping people out, but what about the people already inside? We call this insider threat, and it can be devastating to organizations in any industry.

Let’s break down the major characters of insider threat as outlined in the Verizon Insider Threat Report, and be prepared, because not all of them are intentionally malicious.

The Disgruntled Employee

This might be someone who is no longer happy with the organization, or wishes to retaliate against it for personal reasons. Most often, they want to cause harm through destruction of information, or disrupt the way the organization does business. 

The Malicious Insider

This is someone who has decided that the organization’s information may be especially useful for their personal gain.  This could include things like selling credit card information, or using organizational tools to stalk another person.

The Inside Agent

Like the Malicious Insider, this person is seeking to gain something from the organization. However, in this case, they have been recruited, solicited, or bribed by a third party to steal information or disrupt business processes for the third party’s benefit.

The Feckless Third Party

Many organizations work with third parties to accomplish their goals. If a third party’s cybersecurity protections are weaker than your organization’s, it can undermine all of your hard work to protect your organization. These problems can arise through negligence, misuse, or even malicious access to any organizational information or IT devices.

The Careless Worker

The one no one expects. Think about someone in your organization who may not be the most adept at technology. What if they accidentally deleted all of your organization’s files because they only “thought they were on their own laptop”, or installed “an awesome new photo program” on their computer that allowed ransomware to be installed on all of the organization’s servers and brought business to a halt? These actions are inappropriate and/or negligent because they generally violate organizational policy, but they are not usually considered malicious.

Yes, this really happens, and it can be pretty dramatic. So how do you stop the “Un-fab Five” from disrupting your day? Let’s talk about Cybersecurity Policy & Controls and we’ll work together to understand where your organization stands. We’ll identify the largest opportunities to improve your cybersecurity posture right now, for big and small companies alike.
