When it comes to Computer crime, cyber attack, most imagine that the supreme threat comes from outside the company / company. To some extent it is, but the true danger to a company represents exactly the worker who has a laptop on his hand or a calculator connected to the internal network of the company and which manipulates sensitive data.
Most of the time, when it appears in the CV: “PC knowledge: medium“, it is enough as long as the future employee knows how to handle a software that the company or an Excel uses. From here to a disaster in case of a cyber attack, it is only a…click.
In a poll made by Haystax Technology, it was shown that 74% of the surveyed organizations feel vulnerable to internal threats, while 56% of IT security companies responded that in the dangers inside the companies they have increased significantly in the last year.
After the attack WannaCry It was found that most vulnerabilities appeared because of ignorance and / or the negligence of some employees who have ignored warnings.
Three types of employees have been identified who can become an internal danger to the data of a company.
1. Employees who from innocent actions can compromise important data.
Here is the category of those who lose their service phones that have stored emails and other data for the company for which they work. More serious, employees were also reported who, without realizing the danger, sold the service phones to a third party.
Also in this category includes those who download sensitive data of the company, from the service laptops on personal data storage. Using the service laptop at home and becomes a problem if the network “home user” It is not secure or if PCs or other infected devices are connected to that network. In the case of Wannacry, some situations were reported in which the virus was brought to the internal network of employees who had laptops at home.
This type of employees can cause greater damage than the action of an intentional bad hacker could be done.
2. Inattentive and / or negligent
We all know Warings that blink on the screen and they ask us to undertake a immediate action.
In a poll made by Google in 2013, it was found that out of 25 million warnings given by Google Chrome,70.2% were ignored. Following this disastrous report, Google has decided to simplify the immediate action procedure oriented on blocking or neutralizing the potential danger. This is an example only on Google Chrome. The warnings of antivirus software are often ignored by users or treated with superficiality. There are many situations in which the employee does not even check the report of a warning message, let alone be informed about the potential danger. A large number of alerts is rejected, and the anagatians continue their job at the laptop / pc.
The opening of email messages had dubbed and downloading malicious files, represents a big problem again. Many employees open attachments in the e-mail without blinking, without making a prior check. Find Here details.
Both for point 1 and for point 2, the big part is the company, which does not make an adacuated training in this regard. Let's wonder how many companies explain to employees how an antivirus works and how to optimize their security settings? Better, no.
3. Employed badly intended
Unfortunately, not only the human error and inattention are the causes of compromising data within a company. Employed employees are playing an important role,
This category belongs to employees who are “alina” frustrations by leaking sensitive data of the company to third parties or even directly on the Internet. There were situations in which the employees of some companies, from various dissatisfaction, made public on the Internet sensitive databases of the companies for which they worked or worked.
There were no few cases in which the data were stolen and sold to another company. Sabotage and computer spy from the inside are also in this category.
In a study ordered in 2016 by Cyber security company Nuix, it is shown that 93% of those interviewed consider the human factor being the highest risk for data integrity.
The solution lies in the hands of companies that could sanction negligent employees, those who misunderstand or deliberate security and confidentiality policies.
It is unlikely that this happens on a large scale, in an environment where everything is done on “quickly before”.
