Ask most businesses to name the biggest security threats to their organisation and they will probably reel off a list of external sources such as hackers, malware, ransomware, social engineering, phishing, denial-of-service attacks and lots more.
Yet, more often than not, the greatest risk to any organisation comes from within. The disgruntled employee, the rogue user, the financially motivated member or even the person who accidentally discloses sensitive information can have a severe impact on the organisation.
Insider threats are an intriguing and complex problem. Some assert that insider threats are the most difficult problem to deal with because the “insider” has the information, knowledge, capabilities and trust to easily evade the organisation's security policies, procedures and other controls.
The important thing to remember is that insider incidents are not all alike. They are unique to each organisation. However, there are some distinct similarities and common properties among all individuals.
Who is an Insider?
According to the Insider Threat Division of CERT, an insider who harms the organisation, whether intentionally or unintentionally, has the following characteristics:
Why is it so important for you?
The impact of an insider incident can be multi-faceted: financial loss, operational disruptions, reputational harm, loss of confidential/proprietary information, loss of customers, loss of employee morale, loss of clients, long-term impacts on the organisation's culture and consequences that are potentially life- and company-threatening.
Any motivation, or even an innocent act, can therefore have a devastating effect on the organisation.
What is the ultimate objective of the insider threat mitigation program?
The goal of the insider threat mitigation program is to avoid catastrophic consequences regardless of motivation.
Insiders will act unexpectedly and it is something that you are unable to control. Every person within the organisation is unique in their beliefs, values, goals, their thinking and their associated disposition.
The unpredictability of human behaviour has implications for organisational trust. Think about it this way: most people are not entirely logical or consistent in their behaviour. As a result, a strong security posture isn’t achieved by deploying the typical technology controls.
Be aware that security is context-dependent. Motivation and intent are clearly important in defining insiders. While intent (the purpose of actions) is at least partially observable, motivation (the stimulation to act) is not.
Developing effective strategies to mitigate insider threats requires a two-prong approach
Interested in identifying strategies to increase your organisation's ability to prevent, detect, deter, disrupt and respond to insider threats? Get in touch with Naked Insider on +61 2 6282 5554, or fill out the form on the Naked Insider website: https://www.nakedinsider.com/contact-us
In addition, download Naked Insider's free insider threat book, “Protecting Your Business From Insider Threats In 7 Effective Steps”.
How resilient is your business to insider threat harm? Would you be interested in finding out how you compare to your industry peers? Would you be surprised to know that most organisations that have taken this assessment are somewhat vulnerable? To find out more, visit https://www.nakedinsider.com/contact-us