Security Vulnerabilities Through Employees

The information security threat landscape is constantly evolving. Disruption from an over-reliance on fragile connectivity can be detrimental to a business. Organizations today depend on instant and uninterrupted connectivity, smart physical devices and trustworthy people. But this dependence makes companies vulnerable to attacks on core internet infrastructure, devices used in daily business, and key people with access to mission-critical information.

Your business may be high-tech and digital, but your employees exist in the physical world, and that makes them vulnerable to blackmail, intimidation and violence. The ISF (Information Security Forum) predicts that over the next two years, well-funded criminal groups will combine their global reach and digital expertise to extort privileged insiders to give up mission-critical information assets, like financial details, intellectual property and strategic plans.

One solution is to invest in special measures to protect individuals with privileged access, such as instruction in physical security precautions and understanding exposure of social engineering methods. Additionally, companies can implement mechanisms to protect their organization against these insider threats. These mechanisms could include screening prospective employees and embedding appropriate clauses in employment contracts. Finally, adopting a trust-but-verify approach for privileged insiders can foster a culture of trust, while verifying and monitoring appropriate system access.

I hope this helps bring to light some of the challenges and options available to improve your company security, beyond just the network. Stay tuned for more coming soon.