A global leader in risk consultancy has warned companies of the dangers of internal cyber risk.
While many assume that cyber risk comes only from outside hackers, Control Risks has warned that danger can lurk within any organisation.
Jason Rance, managing director of Control Risks Australia Pacific, has warned organisations that ignoring internal threats can lead to major breaches.
“By ignoring the potential for damage caused by malicious, negligent, and compromised insiders and focusing narrowly on external threat actors, companies and organisations are effectively locking the doors and leaving the windows open,” Rance said.
Rance noted that while those within a company will have access to all kinds of information which they could use maliciously, employee negligence can also leave organisations vulnerable.
“While malicious insiders can leverage knowledge of internal networks and awareness of what specific intellectual property is most valuable or potentially damaging, negligent insiders can prove equally valuable to external attackers,” Rance continued.
Control Risks warned that employees are often pushed to start malicious activity following disciplinary action or other unhappy circumstances, and that certain mitigation techniques can be used to help limit internal risk.
The company recommends that network monitoring practices be used to help identify unusual activity, alongside a greater screening and vetting process during the hiring phase.
“Adherence to these good practices helps to mitigate the potential threat from insiders and helps to harden an organisation against external threat actors looking for the weakest human link, but it also provides additional, softer, benefits,” Rance said.
“By focusing on understanding the needs and behaviours of employees and spotting dissatisfaction or disagreement early, combined with reinforcing strong values and culture, you can also create a more engaged workforce.”