Former CIA tech boss warns organizations about insider cybersecurity threats
(Source: IT News)
Organizations need to be more aware of insider security threats, according to CIA’s former chief technology officer Bob Flores. He made the comments during a keynote speech at the Connect Expo in Melbourne. The matter occurred after IBM’s Cyber Security Intelligence Index crushing conclusion that no less than 95 percent of all cybersecurity incidents are triggered by human error.
“Trusted insiders are probably the biggest problem you’re going to run into. However, when we’re talking about an insider threat, we’re not referring to people who have a nefarious reason for doing what it’s they’re doing. Most insider threats come from people doing things inadvertently”, says Flores. However, being a trusted insider doesn’t mean you can’t be doing bad things. You can be doing bad things without even knowing you’re doing bad things.”
Of course, there are insiders with a hidden agenda. But, most likely it’s just an employee clicking on a link in an email that looked genuine at first glance. However, it was far from genuine. These thoughtless clicks are the result of poor security practices among staff. “Employees have to be educated about security, and they have to be educated again and again and again. You can’t do it once as they come into the organization, they have to learn about it until they retire”, according to Flores.
Improve cybersecurity, educate your staff
But how do keep insider security threats outside? Most importantly, how do you keep educating your employees, without keeping them from their work? At the office, we found a way. Rather than pulling people away from their desks for training sessions, information is shown repeatedly on screens throughout the building.
On our screensaver, digital signage screens or corporate app, employees are daily reminded of everything and anything cyber security related. With great success. We’ve noticed that people are far more cautious. Especially, when it comes to clicking on dubious email links, opening attachments or giving out sensitive information.
Want to improve cybersecurity at your organization? Contact one of our experts and start educating your staff today!