Most organisations give priority to securing the network from external threats over insider threats. In the last few years, however, things have changed dramatically. The use of social media sites and various software applications by employees, during and outside of working hours, has made organisations an easy target for cyber criminals. Therefore, it is more important than ever to pay equal attention to internal and external threats to ensure network security.
The huge security risk posed to organisations by internal users has been confirmed by a recent Mandiant Report. According to the report, the easiest and fastest route into a network is increasingly to target an employee with spam emails. The ultimate goal is to install a malicious piece of software on the organisation’s network and steal information.
Alan Calder, CEO of cyber security specialists IT Governance, says, “Employees are the weakest link in the network. It is not surprising that they are often the primary target of cyber attackers who use methods like phishing, social engineering, blended threats and more to achieve their malicious goals.
“So, if you’re a director or general manager, and you’re concerned about cyber security, you should be insisting that your IT team, together with your HR department, operate an effective staff training and awareness programme. If you’re in IT security, on the other hand, you should be ensuring that you have adequate budget to tackle these most basic of modern security precautions.”
Organisations should also recognise that insider threats get tougher with evolving trends like BYOD (Bring Your Own Device). The sooner organisations implement an information security staff awareness programme, the better their chances when fighting cyber attacks targeted at their employees.
The Insider Threat pocket guide sheds light on the key security issues facing organisations from insiders to get them up to speed quickly. The pocket guide can be ordered online at www.itgovernance.co.uk/shop/p-1178.aspx
Other resources that will help organisations kick-start their information security staff awareness programme include the Information Security Staff Awareness e-learning course and the Information Security Awareness Posters.