Tittle: The danger from within
Date: September 2014
Author: David M. Upton and Sadie Creese
Many managers pay much attention to external attacks, but attacks involving connected companies or direct employees pose a more pernicious threat.
Insiders can do much more serious harm than external hackers can, because they have much easier access to systems and a much greater window of opportunity.
Typical damages they cause may include:
Insiders can do much more serious harm than external hackers can, because they have much easier access to systems and a much greater window of opportunity.
Typical damages they cause may include:
- Suspension of operations
- Loss of intellectual property
- Reputational harm
- Plummenting investor and customer confidence
- Leaks of sensitive information to third parties
Insider threats come from people who exploit legitimate access to an organization’s assets for
unauthorized and malicious purposes. They may be:
- Direct employees
- Contractors
- Third-party suppliers
- A dramatic increase in the size and complexity of IT
- Employees who use personal devices for work
- The explosion in social media
The authors state some ways to fight it:
- Adopt a robust insider policy
- Raise awareness
- Look out for threats when hiring
- Employ rigorous subcontracting processes
- Monitor employees
