In an era where most organizations run on electronic communications, it is not only executives and IT engineers who hold the keys to the IT kingdom. Any member of staff with Internet access at work is a potential breach. Many chief executives pride themselves on being a good judge of character, but few outside small start-up organizations would claim to be able to vet their entire staff with a sideways glance. In many organizations, this leaves thousands of members of staff at all levels appearing to be potential security leaks.
If up until you thought that most cyber attacks were by external persons, you might be surprised to hear that statistically, most of these attacks had something to do with the internal staff. A research on the subject shows that inside threats are the cause for 80% of cyber crimes – a figure that is gradually increasing.
An inside threat is generally defined as a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system or data and intentionally misused that access to negatively affect the confidentiality, integrity or availability of the organization’s information or information systems.
This can be the result of deliberate cybercrime or it could be that the staff member has been careless with their personal log-in details. But it makes no difference whether the breach was intentional or not, as cybercrime gangs can exploit the exposed organisation. It can get inside the IT system and easily run malware across the target organization’s entire communications network.
In fact, these criminals can encrypt the company’s most sensitive data and then demand huge sums of money as ransom to retreieve the stolen information. Should the company refuse or be slow in paying the ransom demand, the criminals can spread the company’s clients’ sensitive information on the Darknet.
One of the solutions available for this problem is conducting a thorough internet research about any incoming staff coming to work for the company, and looking for any warning signs that testify a connection to any suspicious activity. After all, these days everyone leaves a trail online.