One of the debates that often comes up is who is the bigger threat to IT security: insiders or outsiders. While both can cause real damage to a company’s assets, insiders have a key advantage. Here is one way to consider that advantage. To launch an attack what’s needed is means, motive, and opportunity. While outsiders may have a motive, insiders have the means and opportunity to launch an attack. This places them in a much better location to carry out malicious activities. Here are a few items that can be used to reduce the threat of insider attack:
- Management must enforce key personnel controls that deal with hiring, managing, and terminating personnel. These controls reduce information leaks or theft from careless employees whose online habits open the door to hackers or rogue employees who try to sabotage the company when they’re terminated.
- The need for controls: Controls can be preventive, detective, and corrective. Layering controls helps a company build defense in depth through an increase in cybersecurity and information protection.
- Get your employees involved. Keeping employees involved in security can help strengthen and reinforce best practices. Employees should also complete periodic security training and awareness so that they know the latest scams and risks and how to avoid them like phishing schemes in emails or malware links in social media.
- Have a third party assess your security controls. It’s good idea to have someone review your network from the outside-in and start to consider how a hacker would see your network.