Who's inside your organisation?
Although managers tend to perceive most threats as coming from outside an organisation, this is not always the case. Attacks originating from inside are numerous, and traditional measures such as intrusion prevention systems and firewalls are incapable of defending against them.
This is according to Yusuph Kileo, a cyber security and digital forensics expert from Tanzania, who will present: 'Pan African security initiatives - how to interface with initiatives on the continent, with a specific focus on Tanzania' at ITWeb Security Summit 2015 later this month.
The insider threat constitutes a huge danger to financial institutions, critical infrastructures, businesses small and large, and government agencies, he notes, and there are many different examples of malicious insiders.
"For example, the bank employee who alerts robbers to the customer who has just withdrawn a large sum of money; the financial manager authorising payment of a fraudulent invoice; or the employee who shares information with competitors through his or her personal e-mail." There have also been cases where a software engineer has edited code in a system, causing the system to malfunction.
Kileo says insider threats must be dealt with effectively because they are extremely dangerous. "It is like fighting in the dark, fighting with someone who knows you better than you know yourself; fighting with someone who has the tools and technologies to do harm. When an insider voluntarily or involuntarily decides to abuse this trust, they can cause serious damage, ranging from loss of revenue, disrupted business operations, a loss of competitive advantage, intellectual property theft, and more."
The motivation behind insider threats is not all that different from the motivation behind external ones, says Kileo. "The reasons range from financial and personal to ideological."
Non-deliberate insider threats can occur due to lack of knowledge and inattention to detail. For example, an employee could receive an e-mail containing malware and open it, or share their passwords with other staff without following procedure.
A lack of a security policy is another contributing factor to the rise of the insider threat. "For example, allowing staff to use flash drives and other external storage devices."
Kileo says periodic security training for employees, incorporating insider threat awareness, is essential. "Anticipation and management of negative issues in the work environment, and implementation of strict password and account management policies and practices, are advisable."