14 May 2024

How Employees Can Unintentionally Compromise Cybersecurity

Insider threats pose a significant challenge to both public and private organizations of all sizes. Any employee or contractor that has access to sensitive data and systems can become an insider threat, whether intentional or not. Insiders that are most commonly considered as threats are people that intentionally conduct activities that put the organization and its resources at risk. A common example of an intentional insider threat is a disgruntled employee who either wants to cause damage to an organization or to steal something (e.g., intellectual property) that has value to them. Insider threats, however, can be unintentional as well and the purpose of this blog is to remind readers of these unintentional threats who mistakenly or unknowingly cause damage to an organization.

Former and current government officials around the globe have expressed their concerns regarding insider threats, especially the unintentional insider threat, who has most likely not received the proper education training for their position1 2 3. Most ransomware infections and phishing schemes are successful because an employee within the organization, who was not sufficiently trained to identify threats, activates a link or visits a malicious web page.

The most dangerous insider threat is unassuming, naïve, and usually has the best of intentions. For example, the employee who accidentally uploads sensitive credentials the company's internal systems to a developer platform. Another example of an unintentional internal threat is an employee who falls victim to a phishing attack which can lead to a breach that allows access to internal documents, source code and internal systems.

The rise of social media has led to a new threat that puts individuals and organizations at risk: social media users often post pictures and updates when on vacation or a business trip. Miscreants can take these small pieces of information to build a bigger picture. Social media posts can inform a burglar you are away from your home. That same post can inform your competitor of your presence in a city that contains a mutual client or let someone attempting to conduct business email compromise (BEC) attacks know that you are out of the office and potentially out of contact with co-workers. While social media training is usually not part of employee education, it is highly recommended to help a workforce understand the power and threats of social media. The cost to train a workforce is far less than the cost of a breach or lost business.

Insider threats, both intentional and unintentional, need to be addressed within an organization. Organizational security policies, procedures and practices need to account for internal threats as well as external ones. The development of comprehensive security policies, procedures, and practices, in combination with up-to-date technological solutions and staff training will increase the overall cybersecurity of the organization and help them to navigate the everchanging threat landscape.

Intertek's IT Security Consulting team has more than 25 years of experience in assisting both private and public sector organizations with the review and development of risk assessments, statements of sensitivity, security plans, policies, procedures, and IT security awareness training. We understand that different organizations have different concerns and requirements and are able to assist in the development of customized programs for each organization.  

Insider Threats a Major Risk to Canada's Security: ex-CSIS Official (Global News)

MI5 Guidance on Limiting Threats from Inside your Organisation

DHS Science and Technology Directorate: Cyber Security Division – Insider Threat

Headshot of Chris Wilson
Chris Wilson

Senior Threat Analyst, Intertek EWA-Canada

Chris Wilson is a Senior Threat Analyst within Intertek EWA-Canada and has been with the company for seven years. His work includes threat sharing, intrusion detection systems, vulnerability assessment, and policy development.  

Headshot of Ken Armstrong
Ken Armstrong

Director of Operations, Intertek EWA-Canada

Ken Armstrong is the Director of Operations with EWA-Canada. He has more than 30 years of experience in the IT security field. His work includes hands-on experience related to intrusion detection systems, incident response, computer forensics, vulnerability assessments, penetration testing, threat risk assessment, and policy development. Ken is a member of the international Forum for Incident Response Security Teams (FIRST), as well as an active member of the CVE (Common Vulnerabilities and Exposures) Editorial Board.  

You may be interested in...