Insider threats face the paradox of being on the rise but not being reported.
Even though insider threats are a major area of concern, organisations do not react as expected. There are three primary reasons why the insider threat is being ignored:
- Organisations are not aware of it
- They fear bad publicity
- It is easy to be in denial
The fear of public and industry reaction to insider risks and attacks bars organisations from sharing information. Most security professionals believe their businesses are unable to effectively examine insider risks even though they realise the dire consequences posed by this inability. Moreover, experts suggest that another underlying reason is that organisations know that the threat is real but they do not know how to deal with it.
They employ extremely stringent counter-measures which are neither effective nor congruent with their organisational environment. In such a scenario, it is imperative to first identify the factors, other than the insider, that contribute to insider threats.
Technical and social factors
Technology is progressively changing social attitudes.
As technology has become handier and easier to use, it is having an impact on social interactions and structures. Owing to the ease of work system integrations, employees are experimenting with the variety and applicability of technological outlets. They are demanding greater freedom to use IT applications and devices of their choice. Furthermore, the current generation is increasingly reliant on social networking sites and instant messaging; these could potentially challenge the established modes of IT security management.
This situation is a major threat as people merge their professional and personal lives. They find it difficult to maintain a boundary between the two, and they end up sharing personal and business information on social networking sites. Though pressure is mounting on organisations to give employees technology freedom, it must be supported by clear rules and regulations.
Business and economic factors
To survive in the dynamic business environment and rapidly scale their operations, businesses have adopted the model of outsourcing, which costs less while business revenue stays intact. However, a single outsourcing transaction can change the status of many “outsiders” to “insiders” and eventually blur the distinction between a company’s employees and third-party personnel. In addition, security components are also outsourced, and this makes the concerned business more vulnerable to an insider threat.
Besides, as employee turnover increases, so does the risk of exposure of intellectual property and the likelihood that high-value or high-impact knowledge could be transferred to a competitor or other outside sources.
Organisational and national culture are key determinants in this domain. Owing to the start-up culture and ever-changing corporate landscape dynamics, most organisations undergo a certain degree of transformation and traditional cultures are dismantled and rebuilt. Consequently, employees’ behaviour and changing attitudes towards security can cause fear, uncertainty and doubt if not managed properly.
Regional and national attitudes towards crime differ significantly, and so do the means of safeguarding against it. It is under such circumstances that the influence of external sources on insiders may be easier to apply, either directly by coercion or indirectly using advanced social engineering methods.
As a result, insider threats and risks require evaluation, prioritisation and relevant reactive measures.
Collaboration and information sharing are paramount to the implementation of a successful risk mitigation program. But aside from having in place and running a secure risk mitigation program, what other components can be brought to the table?