Strengthening Measures to Deter Internal Security Risks in NITAM Act

Companies need to implement measures to prevent their workers from being co-opted by malicious cyber groups

Insider Threat Prevention Act under NITAM: Prohibiting the Employment of Potential Saboteurs within Organizations

In today's digital age, organisations face a growing threat from within their ranks – insider threats. These threats, as highlighted by the National Insider Threat Awareness Month led by the US National Counterintelligence and Security Center (NCSC) and National Insider Threat Task Force (NITTF), can stem from employees, contractors, or business partners who have legitimate access to company systems and data.

The only consistent characteristic of insider threat perpetrators is their ability to access sensitive information. This access can be exploited by cyber threat groups, who often seek to entice employees with financial inducements, either through direct contact or advertising on the dark web and legitimate channels.

A notable example is the 2020 Twitter incident, in which high-profile accounts were hijacked to promote a cryptocurrency scam. The attack was executed by tricking an employee into handing over credentials in a voice phishing (vishing) attack.

To combat this, organisations should implement proactive cybersecurity measures. Employees should be educated about the tactics cyber-criminals may use and the potential consequences of becoming an insider threat agent. Staff should know exactly what is expected of them and what to do in case of a security breach.

Cybersecurity policies should be clear, and basic security hygiene controls should be in place so that employees access only the data and systems they need. Networks should be segregated to prevent unauthorized access, and security policies should be enforced periodically.

Employee well-being is an important preventative measure. Employee assistance programs can provide support to employees who may be struggling financially or with interpersonal issues, potentially reducing the risk of them becoming an insider threat.

Working remotely, people don't know their colleagues as well as they would in the office, and those in large companies are at risk of being compromised by a cyber-criminal masquerading as another member of staff. Organisations should monitor marketplaces, forums, social media channels, and the dark web for potential threats related to their company.

Romance scams that turn into extortion are a popular tactic, in which people are emotionally blackmailed into playing the role of an insider threat. Organisations should be vigilant and provide support to employees who may be at risk.

In conclusion, organisations need to focus on the human element and identify and mitigate different motivations before cyber-criminals can exploit them. By taking these steps, organisations can significantly reduce the risk of insider threats, ensuring the security of their sensitive information and maintaining the trust of their stakeholders.
