Cyber attacks are increasing in frequency and impact. Whilst most relate to physical and IT security, employees make many attacks possible. GCHQ said recently: “80% of UK cyber attacks could have been prevented by embedding basic Information Security Processes”.
Adrian Wilmshurst, Chief Executive says: "Businesses should not underestimate the significant risk posed by ‘insiders’ due to their access to sensitive data and information. They can cause serious damage to an organisation, not least the damage caused to reputations both at a corporate and personal level".
Insider threats arise primarily from three sources:
- Careless insiders – the greatest risk and more often caused by simple human error, due to lack of awareness of risk or inadequate training.
- Exploited insiders – who are often hoodwinked or coerced into giving out information, including passwords or procedures to third parties.
- Malicious insiders – although the least likely, these are the most dangerous, due to the levels of access they have, especially the case of administrators with elevated levels of access.
At FOUR Security, we specialise in reviewing an organisation’s security procedures and processes. Very often a simple cyber security awareness programme to staff and contractors can significantly reduce your organisation’s cyber vulnerability, by incorporating the cyber risk into the Enterprise Risk Management process.