SUBSCRIBE TO OUR BLOG

Section Menu

Five insiders who threaten your security

posted by Ben Hayden on Thursday, July 18, 2019 in SHAZAM Blog

When it comes to security threats, we often focus on the risk posed by unknown parties attempting to gain access to information from the outside. However, trusted individuals within an organization can be just as dangerous. Here are five insiders that pose a risk to security — and how to prevent them from bringing harm to your organization.

Absent-minded employees — Without even thinking, employees can accidentally expose an organization to security threats. Some of the most common ways this can happen is when an employee clicks on a suspicious link, email or attachment, or when sensitive information is sent to a personal email or cloud service, a malware-infected mobile device is connected to the network or a work device is misplaced. 

Revenge seekers — Former or current employees out for revenge sometimes steal or destroy sensitive data. This type of attack is hard to detect, because employee actions aren’t always tracked — especially when an employee has legitimate access to the data.

Privilege abusers — Misuse of roles and responsibilities can allow employees to do or access things that aren’t required to do their job. Again, a lack of tracking makes this kind of attack hard to detect.

Partners in crime — Legitimate third-party contractors or other service providers have been responsible for breaches through malware or stolen credentials. Perpetrators in these attacks can be difficult to identify, and the more people who have access to the network, the harder it gets. 

Colluders — Although it doesn’t happen often, trusted employees sometimes work with outside criminals to execute data breaches through means such as creating a security vulnerability, which can be exploited by an outsider.

Prevention

The steps for fighting internal threats are very similar to the steps for fighting external ones. To protect your organization, follow these tips from Trustwave.

  • Conduct thorough risk assessments, including assessments of vendors.
  • Have strong policies, anti-malware solutions, data loss prevention solutions and incident response plans in place.
  • Take the risk posed by personal devices and cloud services connecting to the network seriously.
  • Conduct regular security training sessions and test employees on their understanding of them.
  • Use threat management to spot network anomalies.

Security threats don’t always come from the outside. Take these steps to keep your organization secure — inside and out.

Tags

  1. fraud
  2. risk
  3. security

About the Author

Ben Hayden Photo

Ben Hayden utilizes his expertise in cyber investigations, financial crimes and digital forensics to assist financial institutions in evaluating their cybersecurity vulnerabilities. He manages SHAZAM’s risk management services, helping member institutions mitigate their risks in information ... read entire bio

SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney. 

Comments

comments powered by Disqus