The biggest threat to your organisation could be sitting just down the corridor from you. Insiders, malicious and careless, are all too often the cause of a major security breach.
Many of the breaches that have hit the headlines in the past few years have been enabled by insiders, sometimes deliberately, sometimes totally by accident, and these types of breaches can be even more disastrous than those carried out by outside threats.
The threat from insiders is a real one. They access to legitimate log-in credentials, they know what information the business has without having to exfiltrate the network and perform reconnaissance.
Janine Van Niekerk, OMEM CST: IT Service Design and Transition, at Old Mutual Life Assurance Company, says user attitude can either make or break an organisation's effort to protect valuable information.
"Naive behaviour poses a huge risk as users tend to not fully understand the risk that they are opening the organisation to. This is seen over and over as you read of companies being breached by social engineering, falling prey to phishing e-mails and weak passwords."
She adds that in some businesses this threat is being underestimated, but there is a growing focus on addressing user behaviour with cybersecurity initiatives and information security awareness programmes.
In terms of what companies should be doing to improve user attitude, Van Niekerk says: "Firstly they need to understand the user, knowing why they do what they do. Next step would be to identify the areas of weakness e.g. increase in infected USB drives, weak passwords and suchlike."
These steps will give organisations the ability to implement effective strategies to improve behaviour to specific threats, she concludes.
Van Niekerk will be presenting on the 'User attitude towards security' at the ITWeb Security Summit, to be held from 15 to 19 May at Vodacom World in Midrand.
Share