Insider Risk

For 90-95% of IT leaders the biggest cause of concern is humans and for 52% of businesses employees are their biggest weakness. According to a 2017 Kaspersky report, around 5% of all cybersecurity attacks were carried out by internal staff with malicious intent, with an additional 23% carried out by careless/uninformed employees. Although the majority of attacks come from outsiders this is still a large figure and it poses serious threats to organizations.

An organization might have the best software to secure their data center, the best physical security in and around the building, strong defensive technologies and the right security policies and processes in place, but should an employee act carelessly or maliciously, all these security measures are essentially useless. Organizations are aware of the threat and have expressed concerns about it. This concern is not always linked to malicious attacks, but rather to inadvertent ones. Careless/uninformed staff can act in numerous ways that will lead to sensitive data and information becoming exposed. However, organizations also need to be aware of insiders who purposefully reveal confidential and sensitive information for personal gain.