*Five types of insider that pose an IT security risk
You must be logged in to read the full article
When it comes to data breaches and IT security the attention is usually firmly focused on external threats. However, insider threat should not be overlooked according to IT security firm, Trustwave, and in many case is much harder to detect. During 2014 a surprising number of data-breaches involved insider-aided compromises. Whether it be an unwitting accomplice or a disgruntled former employee, Trustwave has outlined five types of internal assailant that you would be wise to factor into your security check-list.
1. The absent-minded worker who unwittingly places the company at risk due to poor security practices, such as clicking on suspicious phishing links or attachments contained in emails, or losing a laptop or USB stick.
2. The revenge seeker: the disgruntled worker intent on stealing or destroying sensitive data.
3. The privilege abuser: an employee that has been granted permission to conduct tasks and reach assets that are not required for their role.
4. The partner: a legitimate third-party contractor or other service provider who proves to be the weak link in the chain. Security breaches are typically accomplished through password-stealing malware or hacked credentials.
5. The colluder: a trusted insider who works with an external party to perpetrate a data breach by creating a vulnerability that can be exploited by an outside adversary.
Trustwave suggests nine recommendations to minimise your risk to an internal security breach and implementing a layered approach to your security protocols. To read Trustwave’s recommendations and review the full article text – click here.
Information courtesy of the Trustwave blog – https://www.trustwave.com/Resources/Trustwave-Blog/