When it comes to cybercrime and cyber attacks, most people imagine that the greatest threat comes from outside the company. To some extent it does, but the real danger to a company is the worker who has a laptop in hand or a computer connected to the company's internal network and who handles sensitive data.
Most of the time, when the CV says "PC knowledge: environment", that is enough as long as the future employee knows how to handle the software used by the company, or Excel. From there to a disaster in the event of a cyber attack, it's just a click.
A survey by Haystax Technology found that 74% of organizations surveyed feel vulnerable to internal threats, while 56% of IT security companies surveyed said that the dangers within companies have increased significantly in the last year.
After the WannaCry attack, it was found that most of the vulnerabilities arose because of the ignorance and/or negligence of some employees who ignored the warnings.
Three types of employees have been identified that can become an internal danger to a company's data.
1. Employees whose innocent actions can compromise important data.
This category includes those who lose work phones on which they have stored emails and other data belonging to the company they work for. More seriously, there have been reports of employees who, without realizing the danger, sold their work phones to a third party.
Also in this category are those who copy sensitive company data from work laptops to personal storage devices. Using a work laptop at home becomes a problem if the home network is not secure, or if PCs or other infected devices are connected to that network. In the case of WannaCry, several situations were reported in which the virus was brought into companies' internal networks by employees who had taken their laptops home.
This kind of employee can cause greater damage than a malicious hacker might.
2. Inattentive and/or negligent employees
We all know the blinking warnings on the screen that ask us to take immediate action.
In a survey conducted by Google in 2013, it was found that out of 25 million warnings given by Google Chrome, 70.2% were ignored. Following this disastrous report, Google decided to simplify the immediate-action procedure aimed at blocking or neutralizing the potential danger. This is just one example, from Google Chrome. Warnings given by antivirus software are often ignored by users or treated superficially. There are many situations where the employee does not even read the warning message, much less report the potential danger. A large number of alerts are dismissed and the employees continue to work on the laptop / PC.
Opening dubious emails and downloading malicious files is another big problem. Many employees open email attachments without a second thought and without checking them first.
For both point 1 and point 2, most of the blame lies with the company, which does not provide adequate training in this regard. Let's ask ourselves: how many companies explain to employees how an antivirus works and how to optimize its security settings? Better not to ask.
3. Employees with bad intentions
Unfortunately, human error and inattention are not the only causes of data compromise within a company. Employees with bad intentions also play an important role.
This category includes employees who "alleviate" their frustrations by leaking sensitive company data to third parties or even directly onto the Internet. There have been situations in which employees, due to various dissatisfactions, published on the internet sensitive databases of the companies for which they worked or had worked.
There were also a few cases where the data was stolen and sold to another company. Sabotage and internal computer espionage also fall into this category.
A study commissioned in 2016 by the cyber security company Nuix shows that 93% of those interviewed consider the human factor to be the greatest risk to data integrity.
The solution is in the hands of companies that could sanction negligent employees, those who misunderstand or deliberately violate security and privacy policies.
This is unlikely to happen on a large scale, in an environment where everything is done "fast forward".