Get Aligned!

While it’s important to shore up your cyber security defences against hackers and cyber criminals, what about planning for and preventing an inside job? According to a recent survey of global corporate executives by Carnegie Mellon University’s CERT Insider Threat Center, insider threats were their number one security concern.

Who poses a risk?

Insider threats can come from ‘malicious insiders’ including former and current employees, contractors and sub-contractors, business partners and anyone else with access to your business network, IT systems and business critical data. CERT Insider Threat Center identified the following employees as posing the greatest threat to an organisation:

  • Disgruntled employees motivated by revenge: typically someone who feels personally slighted, possibly due to a missed pay raise that was expected, or a negative encounter with supervisors over work, benefits, time off, demotions, transfers or other similar issues
  • Profit-seeking employees motivated by money: by stealing information and selling the stolen data to organised criminals, or modifying the data to steal an identity, the employee stands to make money. The information is generally easy to access and steal for the employee, and they may rationalise the theft by telling themselves, ‘the company won’t even miss it’
  • Departing employees motivated to gain a competitive advantage: if an employee is starting their own business or moving to work for a competitor they may be tempted to take with them company information and data that gives them a competitive advantage. This might include customer lists, business plans, and other examples of the organisation’s IP
  • Employees who think they have rights to IP: these employees might think they own the code they wrote or product they developed because of their involvement in creating it. They don’t appreciate that it belongs to the company and taking it to use elsewhere infringes IP copyright

Human error and negligence can also be a factor when it comes to insider threats. For example an employee may not recognise a phishing email and click on a link or reply with confidential information. Raising awareness of cyber threats and providing training to all employees is a key way to prevent this type of insider threat. However in this instance, we’re focusing on malicious insiders and how businesses can mitigate against this particular threat.

How can you protect your business from malicious insiders?

We partner with Watchful Software to protect our clients’ data against exactly these kinds of threats. This security solution provides data-centric information protection against both accidental and malicious disclosure. How does it work?

Automated enforcement of corporate policies. Every time an email, document, spreadsheet or report is created it is automatically analysed for compliance against the company’s information control policy.

Data classification. If the information meets certain triggers it will be classified, marked and protected, including restricting access so only x individuals can use it.

Monitors and spots fraudulent access attempts: RightsWATCH (Watchful’s software solution) can also spot attempts from non-authorised users to access protected information data, and potentially identify malicious insiders.

Just as you can help prevent data breaches caused by negligence by raising awareness of the risks with your staff, you can also deter malicious insiders in the same way. When employees are aware that the company is monitoring networks and their usage, and that the organisation is taking a proactive approach to insider threats, they are less likely to attempt this kind of criminal activity.

For more information about RightsWATCH and to explore other cyber security measures to protect your organisation, contact the OryxAlign team on hello@oryxalign.com or +44 (0)207 605 7890.

Back to List

Related Stories

Windows 7, Server 2008 and 2008 R2 security updates end January 2020

Windows 7, Server 2008 and 2008 R2 security update…

On January 14, 2020, support for Windows 7, Windows Server 2008 and 2008 R2 will end. That means the end of regular security updates. Failur…

Read Post

Protecting Your Property

Protecting Your Property

The physical protection of your building and IT Systems is just as important as online protection. With the use of information technology an…

Read Post

Understanding The Digital Workplace

Understanding The Digital Workplace

The digital workplace is the virtual, modern version of the traditional workplace. It quickly and securely provides personalised, role-based…

Read Post

5 Things to Know About Wi-Fi 6 and 5G

5 Things to Know About Wi-Fi 6 and 5G

The sixth generation of Wi-Fi, Wi-Fi 6, also known as 802.11ax, provides more speed, lower latency, and increased device density. The fifth …

Read Post

The New Technology Buyer

The New Technology Buyer

It is predicted that 80% of new technology spend will sit with business buyers by 2020. This is a change which has come about primarily due …

Read Post

Security on the move

Security on the move

The ability to stay secure and productive anywhere, on any device is of great and growing importance to all businesses.

We look at the fi…

Read Post

Business Benefits of Microsoft Azure

Business Benefits of Microsoft Azure

Connecting Clouds: The growing pains of cloud adoption continue as organisations realise that a single solution of either Private Cloud, Dat…

Read Post

Understand & improve your security posture

Understand & improve your security posture

Gain deeper visibility into and take control of your security.

Assessing your security posture is an ongoing challenge. Increasingly soph…

Read Post

Artificial Intelligence

Artificial Intelligence

Artificial Intelligence (AI) and Machine Learning (ML) are fast becoming important pillars of many organisations’ digital transformation s…

Read Post

IT Risk Management

IT Risk Management

With today’s pressures of compliance, cybercrime and customer demands organisations can no longer afford to have ad-hoc IT Policies and IT…

Read Post