Oct 21, 2022

Read time: 3 mins

How Insiders Can Threaten Cybersecurity

Hackers, foreign influence, and ransomware are considered the most dominant sources of cyberattacks. However, disgruntled, disillusioned, or negligent employees may pose an even greater threat to a company’s data and networks. In this video, Debora Plunkett, former Director of Information Assurance at the National Security Agency, explains what actions organizations can take to mitigate the risk of insider threats. 

The Harvard VPAL Cybersecurity: Managing Risk in the Information Age online short course equips you with the skills to assess the threat posed by those closest to your organization.

Transcript

Insiders pose a threat to cybersecurity, first of all, because they have legitimate access to information, data, networks, storage. And, because they have that legitimate access, if they should choose to use it in an illegitimate way, they pose a huge risk. Because they could put company data at risk. They could put the company itself, the organization itself at risk. They understand the networks. They understand, in many cases, how data is stored. In many cases, they hold the keys to the kingdom.

If you think about the premise for cybersecurity, it is protecting data and information and the networks or infrastructures on which they reside. Insiders, because they have that legitimate access already, they cut the legs off a legitimate cybersecurity effort because they can go undetected, because they can move within an organization and not necessarily be noticed unless they take steps or perform actions that are unusual, and unless the organization’s actually looking for that.

Insiders target an organization’s information systems for a couple of reasons. Sometimes they are just disgruntled. They’re unhappy with the workplace, and they intend to perhaps leave and want to leave by doing harm to an organization. Sometimes they’re disillusioned. Socially disillusioned, politically disillusioned, and they might believe that the organization has information that can support their position or refute their position, one way or the other. And so, they would target information in an organization to embarrass an organization, to expose the inner workings of the organization.

Organizations can improve the acts of insiders, whether intentional or not, in a couple of ways. The first is that they have to understand what normal is and they have to be able to look for the abnormal. So, understanding what normal behavior is of an employee who has legitimate access and then recognizing when that individual takes an action that’s not normal – downloading large volumes of information or bringing equipment into the workplace that they might not otherwise have or use. Or working very late hours or odd hours are indicators that an employer should take a hard look at to see if there’s anything untoward happening.
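The "know what normal is, then look for the abnormal" approach from the end of the transcript, as an added example that is not part of the video or the course material. It builds a per-user baseline of download volume and working hours, then flags events that deviate from it. The record format, user names, sample data and the thresholds `k` and `hour_slack` are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample records: (user, ISO timestamp, bytes downloaded).
HISTORY = [
    ("alice", "2022-10-03T09:15", 40_000_000), ("alice", "2022-10-04T10:30", 55_000_000),
    ("alice", "2022-10-05T14:05", 35_000_000), ("alice", "2022-10-06T16:45", 60_000_000),
    ("bob", "2022-10-03T22:10", 900_000_000), ("bob", "2022-10-04T23:40", 1_100_000_000),
    ("bob", "2022-10-05T21:55", 1_000_000_000), ("bob", "2022-10-06T22:30", 950_000_000),
]
NEW_EVENTS = [
    ("alice", "2022-10-10T10:00", 50_000_000),     # within alice's baseline
    ("alice", "2022-10-11T02:30", 48_000_000),     # unusual hour for alice
    ("alice", "2022-10-12T15:00", 2_000_000_000),  # unusually large download
    ("bob", "2022-10-10T22:45", 1_050_000_000),    # large and late, but normal for bob
]

def build_baseline(history):
    """Per user: (median size, median absolute deviation, hours of day seen)."""
    sizes, hours = defaultdict(list), defaultdict(set)
    for user, ts, size in history:
        sizes[user].append(size)
        hours[user].add(datetime.fromisoformat(ts).hour)
    baseline = {}
    for user, vals in sizes.items():
        med = median(vals)
        mad = median([abs(v - med) for v in vals])
        baseline[user] = (med, mad, hours[user])
    return baseline

def find_anomalies(baseline, events, k=6, hour_slack=2):
    """Flag events far above the user's usual volume or far from their usual hours."""
    alerts = []
    for user, ts, size in events:
        med, mad, seen_hours = baseline[user]  # assumes every user has history
        hour = datetime.fromisoformat(ts).hour
        reasons = []
        # Floor the spread at 10% of the median so a very regular user is not over-flagged.
        if size > med + k * max(mad, 0.1 * med):
            reasons.append("volume")
        # Circular distance on the 24-hour clock to the nearest hour seen in the baseline.
        if min(min(abs(hour - h), 24 - abs(hour - h)) for h in seen_hours) > hour_slack:
            reasons.append("hour")
        if reasons:
            alerts.append((user, ts, "+".join(reasons)))
    return alerts

if __name__ == "__main__":
    print(find_anomalies(build_baseline(HISTORY), NEW_EVENTS))
```

Because the baseline is kept per user, bob's late, gigabyte-sized transfers raise no alert, while the same behaviour from alice would.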