With reports of cyberattacks more frequently seen in the headlines, organizations are increasingly aware of the need to have cybersecurity measures in place. But they should be careful not to overlook the insider threat as they are crafting their security protocols.
According to the US Computer Emergency Readiness Team (US-CERT), an insider threat comes from an individual who has or had authorized access to an organization’s assets. They can use this access to either maliciously or unintentionally act in a way that could negatively affect the organization.
An employee doesn’t have to act with malicious intent to pose a threat. Sometimes accidents can happen, and they can be very costly, especially in regulated industries like healthcare where breaches can result in significant fines and loss of reputation. Additionally, users sometimes intentionally violate policy because they underestimate the risks and find following policy inconvenient. Accidents and non-malicious violations can open the door to malicious attackers.
Carl Willis-Ford is a senior principal, solution architect within CSRA’s Health & Civil group. In his article “3 Insider Threats You Need to Plan For,” he outlines the different types of insider threat organizations are facing today and what they can do to manage the threat.