FEATURE
While cybercrime continues to escalate , many of today ’ s most damaging security threats are not the result of the traditional perception of malicious outsiders breaching a network to deliver malware . While that risk is real , a growing number of organisations are concerned about security risks resulting from insiders – individuals known to the organisation – who have access to sensitive information and systems .
Who perpetuates insider threats ?
Insiders who introduce risk into an organisation can generally be broken down into three broad categories :
1 . Malicious insiders
These are users who willfully cause harm through such activities as fraud , data theft , IP theft and sabotage . Malicious insiders can include disgruntled employees with a grudge , an individual with a political agenda , a compromised user being leveraged to commit cyber espionage or cyberterrorism on behalf of a competitor , political group , or nationstate , or simply someone who is behaving badly for monetary gain . When queried , 60 % of companies indicated that they were concerned about this threat .
2 . Negligent users
Over half ( 65 %) of companies expressed concerns about this insider risk . This is an individual who , while not malicious , is still willfully side-stepping policy for the sake of productivity . These activities can range from creating a secret backdoor into the network so they can do things like troubleshoot systems or work remotely , to implementing an easyto-compromise password system for networked devices , to failing to check configurations for errors that then get duplicated to other devices .
The risk from these users is high since they almost always have privileged access to systems and devices , such as databases and file servers . While they may not intend to harm the organisation , their negligence can have a significant impact on the organisation . Improperly secured systems , for example , are much more likely to be discovered and compromised by attackers and malware . And improperly configured devices on their own can cause critical systems to fail .
The more privilege a user has the bigger the impact that can result from their carelessness .
3 . Careless users
These individuals have simply made a careless mistake that leads to an inadvertent system failure , data breach , or accidental breach . This can be something as simple as clicking on a malicious attachment inside a phishing email or browsing malicious websites , to forgetting to secure a public-facing router or server . Like negligent users , the more privilege a user has the bigger the impact that can result from their carelessness . And because this behaviour is entirely inadvertent , it is much more difficult to prevent or prepare for . This is why 71 % of organisations worry about this challenge .
Which insiders pose the biggest threat ?
As explained previously , privilege is directly related to the potential impact of an insider threat . At the top of the list are privileged IT users and administrators . Not only do they have greater access to the inner workings of systems and devices , but their behaviours can result in far more damage than that caused by others . However , even a regular employee can have a significant impact on a network , as can contractors , service providers and privileged executives .
Many of today ’ s modern attacks are designed to escalate privilege , so even a temporary worker with severely restricted access can still create serious havoc inside an organisation . That threat www . intelligentciso . com
37