Former CIA tech boss warns organizations about insider cybersecurity threat
(Source: IT News)
Organizations need to be more aware of the threats posed by trusted insiders, according to CIA’s former chief technology officer Bob Flores. The comments, made during a keynote speech at the Connect Expo in Melbourne, come after IBM’s Cyber Security Intelligence Index crushing conclusion that no less than 95 percent of all cybersecurity incidents are triggered by human error.
“Trusted insiders are probably the biggest problem you’re going to run into. However, when we’re talking about an insider threat, we’re often not talking about people who have a nefarious reason for doing what it is they’re doing. Most insider threats come from people doing things inadvertently”, says Flores. Being a trusted insider doesn’t mean you can’t be doing bad things – you can be doing bad things without even knowing you’re doing bad things.”
There are insiders with a hidden agenda, of course, but most likely it’s just an employee clicking on a link in an email that looked genuine at first glance but was far from it. These thoughtless clicks are the result of poor security practices among staff. “Employees have to be educated about security, and they have to be educated again and again and again. You can’t do it once as they come into the organization, they have to learn about it until they retire”, according to Flores.
Improve cybersecurity, educate your staff
But how do you keep educating your employees, without keeping them from their work? At the office, we found a way. Rather than pulling people away from their desks for a million and one training sessions, small bits of cyber security information are shown over and over again on every screen throughout the building.
Whether it’s through our screensaver, digital signage screens or corporate app, employees are reminded on the daily of everything and anything cyber security related. With great success. We’ve noticed that people are far more cautious now when it comes to clicking on dubious email links, opening attachments or giving out sensitive information.
Want to improve cybersecurity at your organization? Contact one of our experts and start educating your staff today!