Cyberspace has over the years been evolving with an increasingly complex threat landscape that traditional security approaches cannot effectively address. Defending these threats in the future will involve organizations becoming aware of the threats that they are not in control in a realistic manner. This process will involve the bolstering resilience of company management in solving insider threats . Company directors today recognize and acknowledge the importance of cyber security for their information systems. However, not in many companies that the management has taken effective precautions in risk management processes and especially regarding insider threats. Insider threats take the form of malicious employees downloading and sharing or transferring or destroying intellectual property with malicious intentions before they quit or even during their tenure. It can also take the form of employees using the systems that bypass the defensive system or security policies that they find inconvenient. Companies fail to act effectively on insider threats risks mainly because they deny that the problem exists or that the problem is too overwhelming. Either way, the results are that company sensitive employee information, internal communications, customer data, business intelligence and trade secrets are exposed to malicious attackers.
The insider threats are prevalent in all industries but more common in organizations operating in the financial market industry. If not properly managed, it can be a source of financial shocks typified by liquidity dislocations, credit losses, disrupt business and an alternative channel that these shocks can be transmitted across international markets. As such just as with external risks to information systems in organizations, there is a need to ensure that there is complete defining of security policies that clearly ensure employee behavior is monitored and adheres to company security requirements. Employees can be more efficient in following the security policies when they are trained and pairing it with external threats access controls restricted to only privileged employees and continuous monitoring and auditing of the information systems security.
References
Kennedy, T. (2016, June 13). Managing Insider Threats Is a Key Component to Managing Insider Threats Is a Key Component to Managing Insider Threats Is a Key Component to Managing Insider Threats Is a Key Component to Managing Insider Threats Is a Key Component to Managing Insider Thr. Agenda, p. 2.
