While many companies focus on external threats, insider threats are just as dangerous, perhaps more so. This is particularly true when it comes to cyber security. As society becomes more dependent on networks, computers and artificial intelligence, learning to recognize and deal with threats from within will become increasingly important.
What Are The Threats?
Internal threats fall into two broad categories: security protocol lapses, and data breaches that result from the intentional actions of employees. While security lapses are usually the result of negligence, intentional data breaches are deliberate. In either case, the consequences for the company can be absolutely disastrous.
Security lapses are quite common in many corporations and institutions worldwide. These organizations handle vast amounts of data, some of which is sensitive and extremely valuable, such as strategic information, trade secrets and patents. A lapse occurs when individuals within the organization accidentally compromise the data, allowing it to fall into the hands of unauthorized parties who can then use it to their advantage. These lapses result from a failure of company personnel to follow security procedures and from a lack of knowledge of current cyber security trends.
Intentional Data Breaches
There is a fine line between an accidental security lapse and an intentional data breach, and the biggest difference is intent. Whereas a security lapse may occur as a result of an employee accidentally losing a USB stick or smartphone containing sensitive customer data, an intentional data breach occurs when an employee knowingly compromises company information, usually for profit.
Individuals who work for prominent companies, particularly upper management and executives, may be targeted by intelligence agencies, transnational criminal organizations or rival firms that seek leverage by enticing them to transfer confidential company information, and that will pay them huge sums of money to do so. This is a form of industrial espionage, and is one of the greatest threats a company can face.
What Should Be Done?
Accidental security lapses result from laziness on the part of employees who fail to follow security protocols. Therefore, the best way to deal with them is a “carrots and sticks” approach where those who compromise company security are severely punished while those who don’t are richly rewarded and promoted to higher levels of responsibility.
Intentional data breaches are more complex. Many, if not most, of the employees who engage in them are disaffected, upset with the company or simply greedy and sociopathic. Some have turmoil in their lives, and may be going through a divorce or be addicted to alcohol, drugs or gambling.
Anyone in this position, especially an executive or upper manager, is susceptible to temptation by rival companies and intelligence agencies. Companies must rigorously screen those who are given access to the company’s most sensitive information, doing deep background checks and personality assessments to determine if they are qualified to handle such data. Furthermore, severe punishments should be imposed on anyone who is caught.