For many years, the idea of cyber security has been synonymous with defending a network’s perimeter from external threats. Over the last 18-24 months we have seen a major shift in the threat landscape, with perimeter protection growing steadily less relevant.
A strong perimeter is necessary to protect from the countless low-level attacks hitting companies every day. It is a basic requirement for cyber security in business. However it is no longer effective against most advanced threat actors. Different tactics are bypassing defences: such as attacking through a supplier or tricking employees with social engineering.
It is also increasingly the case that a security incident will be caused by someone already inside the network perimeter. The idea of the insider threat covers a wide range of motivations, actions and outcomes. But all boils down to an employee abusing their privileged access to misuse corporate information.
Who is behind the insider threat?
As with most illegal activity, malicious insiders are often motivated by the chance to make money or further their personal agenda. There have been several high-profile incidents in recent years. For example scientists stealing high value pharmaceutical trade secrets with the aim of setting up their own company. In another example, a financial services employee stole data relating to thousands of clients. He copied it to his home server to use as leverage for potential employers.
Most insiders are not nearly so ostentatious however. And it’s more common to find that they have taken work they have completed or contacts they have built up. These incidents often include mission critical data and the user may not be aware of the damage they could cause.
You can read / download the full article here: Why the biggest threat to your organisation may already be inside
And you can follow us on Linkedin for technological updates and news related to business transformation in China.
Or Check our blog for more updates on tech issues: https://www.ssbg.com.cn/blog/
#ChinaITManagedServices / #ChinaITSolutions / #ChinaITSupport / #ChinaITServices / #ChinaCyberSecurity