Insider cyber threats given animal classifications

Security Trending News Published 31st December 2024

When many people think of cybersecurity, they probably conjure images of shadowy figures attacking an organisation from outside.

External threats are certainly important for any cybersecurity strategy, but insider threats must also be accounted for.


These are threats that originate with authorised users, including employees. They can include malicious actors, but also individuals who create risk through negligence, carelessness, or poor training and practices.

Now, researchers have created a framework identifying seven categories of insider threat, as well as strategies to help mitigate these threats.

The seven animal-themed insider threats an organisation should be aware of

Blissfully Ignorant Dodo

These employees may expose an organisation to risks simply by being unaware of them. The way to deal with this threat is through education and training or retraining to provide the necessary awareness.

Fallible Frog

The Fallible Frog is aware of threats but prone to errors. This may be due to a number of factors ranging from stress to fatigue or even manipulation. The threat can be countered by providing relevant support and addressing issues such as burnout.

Disempowered Marionette

These are individuals who are restricted by inflexible processes and unprepared for emerging threats. The mitigation strategy is to reduce reliance on rigid rulesets and equip staff with the skills and autonomy needed to face new threats.

Whistleblowing Dolphin

Whistleblowing Dolphins are insiders with a moral drive to expose unethical behaviours. The risk can be mitigated by not engaging in such behaviours in the first place, as well as by providing confidential internal channels to deal with concerns.

Misbehaving Magpie

These are people who deliberately bypass or disregard existing security measures. They may be motivated by curiosity or dissatisfaction. The risk can be mitigated by vetting, supervision and support.

Ideologue Ant

These are individuals driven to deliberately harm the organisation for ideological reasons. The mitigation strategy is again to thoroughly vet potential employees and to monitor their behaviours.

Malicious Mamba

These are also individuals who want to harm the organisation, but in this case the motivation may be a perceived cause for revenge or retaliation. They can be countered by monitoring employee activities, implementing technical access controls and fostering a positive workplace culture.

The framework was drawn up based on an extensive literature review and a survey of senior company executives.

Today’s news was brought to you by TD SYNNEX – the UK’s number one solutions distributor.