Online security breaches and cybercrime are a commonly recognised threat in today’s world. But Alan Calder considers a lesser-known risk: the employees themselves.
As the cyber threat landscape continues to evolve, technological security measures (just about) keep pace, rebuffing attacks and blocking viruses, malware and other malicious content from systems. Unfortunately, these measures can do little to control the behaviour of end users; therein lies a major problem. Research regularly shows that insiders represent the biggest security threat faced by the modern organisation.
The insider threat landscape isn’t limited to malicious staff, though; it now covers malicious outsiders who have stolen valid user credentials – frequently via social engineering attacks, or ‘hacking the human’. It’s often said that the easiest way to gain unauthorised access to a computer system is simply to ask for the credentials. Criminals recognise this and use social engineering attacks to manipulate innocent users into divulging information that compromises their systems, often without their knowledge. It is far easier to do this than to hack a system via technological means.
Full article is available to IT Faculty members and subscribers of Faculties online.