Anyone who has a vested interest in cybersecurity recognizes that cyber attacks on our digital systems are increasing, not just in number but in sophistication as well. We would do well to direct our efforts at defending our systems from outsider attacks, but what about the attackers from within?
Research has indicated that a very large portion of our cyber breaches are directly related to insider attacks, both intentional and unintentional. Intentional attacks often result from disgruntled employees or ex-employees and are very difficult to defend against. The problem, of course, is that such employees are already inside our defenses with access to data. How can we stop them from conducting nefarious operations? The answer is to monitor the system closely and conduct employee awareness training. Monitoring the system allows you to detect unusual activity so that you can take action.
You can also limit access by applying least privilege and judiciously guarding access to our most vital data. The members of an organization should also receive cybersecurity awareness training, so that if they see something, they say something. Disgruntled employees generally do not hide their feelings. As for ex-employees, their access should immediately be cancelled upon release from employment.
Unintentional attacks are just that: unintentional. Employees may mean well in what they do, but as human beings they make mistakes and can be easily taken advantage of by clever hackers using ‘social engineering’ techniques. Often that takes the form of phony phone calls or email messages, supposedly from their peers or bosses, asking them to share confidential information that they know they shouldn’t share, but do. The defense against these attacks is training, training and more cybersecurity awareness training that eventually develops and ingrains in employees a cybersecurity awareness culture that forestalls the efforts of hackers.
As long as there is profit involved, cyber attacks on our systems are going to continue into the future. We can mount a credible defense against outsiders, but we must also seek to be sure we are not our own worst enemy.
Greitzer, F.L.; Moore, A.P.; Cappelli, D.M.; Andrews, D.H.; Carroll, L.A.; Hull, T.D. (2016). Combating the Insider Cyber Threat. Retrieved from http://ieeexplore.ieee.org/xpl/abstractAuthors.jsp?tp=&arnumber=4446699&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4446699
Maguder, N. (2014). Cyberattacks: Why you’re the weakest link. Retrieved from http://www.cnn.com/2014/07/16/business/cyberattacks-the-threat-from-inside/index.html