Collaboration, cloud computing, and data mobility changed all that.
Although the list of bad actors may not have changed, their methods have and so have the relative levels of risk associated with each one. Insider threats are now only equalled in diversity and range by cyber terrorists. It’s time to take the insider threat seriously.
Key cyber threat sources can be categorised as nation states, cyber criminals, cyber terrorists, hacktivists, hackers, competitors, and insiders.
Each group has its own set of motivations, ranging over politics, financial gain, ideology, curiosity, recognition, competitive advantage, and strategic advantage, with insiders ironically adding one more, that of “good intentions”.
Social engineering attacks for example rely on the good faith and willingness to help of employees or members of an organisation to disclose otherwise confidential information.
The consequences of the actions of different groups may then include exposing, stealing, altering, and destroying information assets, disruption of business operations, supply chain, and manufacturing, damage or destruction of IT assets, manufacturing assets, and facility assets, and negative impact on the health and safety of employees.
Cyber terrorism and insiders (whether deliberately or not) are the only categories to “tick all the boxes”.
However, if the good intentions of insiders in an enterprise are a liability, they can also be a stepping stone to the reduction of threats to IT security through suitable end-user awareness and education.
In addition, the new generation of solutions using behavioural analytics (e.g. UEBA or User and Entity Behaviour Analytics) can help not only to detect malicious behaviour, but also unintentionally dangerous actions, such as users sending files or access credentials to third parties.
On the other hand, the worst thing enterprises can do is ignore the insider threat or hope it will go away by itself.