Insider threats are malicious threats that an organization is exposed to through people from within that organization. These people may include employees, former employees, business associates and other stakeholders who are responsible for the day to day running of the organization. Security threats, therefore, result because these people have a lot of information concerning the company that may be leaked to malicious people or can be used by the insiders themselves to sabotage the operations of the organization (Aldhizer III, 2008). Kelly suggests that the biggest threat to an enterprise is the end users who are mostly targeted by attackers because they are considered the weakest link to breaking into the security systems of that organization (2006). They can not only be influenced and lured into sharing critical information with outsiders but can also take part in malicious activities especially in cases of conflict because they have an understanding of the security protocols and have legitimate access to the computer systems of the company.
Technical solutions will, therefore, solve part of the problem but it is not the ultimate solution. According to Kelly (2006) banking on security technologies alone cannot guarantee the security of an organization. Resources have to be allocated to finance training programs for employees and other internal stakeholders of an organization. Due to ignorance, employees sometimes give out information without knowing the intentions of the other person or without their knowledge that what they are sharing may have catastrophic impacts on the organization if it is used by malicious people against it. With that in mind, senior members of staff and other decision makers in an organization have to ensure that both technical measures and training programs have to be applied to improve insulation against external attackers.
An organization cannot completely do away with security risks and attacks. It can, however, lay down mechanisms to contain security attacks before attackers can do any harm. Apart from spending money on security technologies, as a security manager, you should also focus on raising awareness and initiating security training programs for the employees (Aldhizer III, 2008). Attacks like phishing require employees to be aware that malicious people intend to acquire information from an organization. On the other hand, it is important to train employees to have an understanding of more complex attacks like baiting and scareware. Hence, employees should know how to handle such situations and what steps to take in case they encounter a security attack problem.
Aldhizer III, G. R. (2008). The insider threat: automated identity and access controls can help organizations mitigate risks to important data. Internal Auditor, 65(2), 71-73
Kelly, C. J. (2006). Awareness trumps new security toys.COMPUTERWORLD-NEWTON THEN FRAMINGHAM MASSACHUSETTS-, 40(41), 44.
Need a paper on the same topic?
We will write it for you from scratch!
If you are the original author of this essay and no longer wish to have it published on the SpeedyPaper website, please click below to request its removal:
- Songbird or Subversive
- Han Fei Tzu Basic Writing
- The most difficult academic problem I have faced
- Study Guide on international culture and management
- Human resource management essay
- Government Surveillance, Safety and Privacy
- African slaves to New World
- Of Love and Other Demons
- The word Apologise is a performative verb.
- Statement of the Problem Investigated
- CONGESTIVE HEART FAILURE
- The Microsoft Bond Issue