While many organizations are aware of the threat coming from internal sources, they are often reluctant to acknowledge it as it implies they don't trust their employees. Another problem is our natural instinct telling us not to trust strangers, and consequently we focus much more on external threats.
In addition to this, the external threat is the one that gets the most media publicity and as a result is easier to “sell” to senior management. However, study after study highlights that an increasing number of breaches are being caused by the accidental or deliberate actions of the trusted insider.
While malicious attacks tend to be rarer than accidental attacks, they can invariably cost the organization more due to their targeted nature. Another thing to consider is that many criminals are now using innocent insiders as a way to gain access to data. This can be achieved by sending a malicious attachment or link via email, and results in the download of malicious software onto the unsuspecting users’ PC, or simply them being tricked into revealing their password.
The current economic climate creates a lot of new risks and amplifies existing ones. Cutbacks in staff numbers or hiring freezes can lead to the remaining staff being overworked, resulting in them potentially making more mistakes. The cutbacks can also result in fewer experienced staff being available to spot a mistake or deliberate act that could lead to a breach.
Other staff, especially those who have had their pay reduced or feel their job is under threat, may be under increased financial pressure which could make them more susceptible to stealing data for financial gain or being bribed to do so.
Staff may also steal specific data, such as customer lists, intellectual property or other sensitive business information as a "safety net" in the event they lose or change jobs as they feel having this data may provide them with an advantage when applying for or starting a new role. Finally, if a company is undergoing financial cut backs and redundancies are on the horizon, some staff may resent this and see stealing data as a way of getting revenge on the company.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.