{"id":7919,"date":"2016-10-18T15:57:11","date_gmt":"2016-10-18T14:57:11","guid":{"rendered":"https:\/\/amtivo.com\/uk\/standards\/\/\/threat-from-within\/"},"modified":"2025-12-15T16:18:24","modified_gmt":"2025-12-15T16:18:24","slug":"threat-from-within","status":"publish","type":"standard-post-filter","link":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/threat-from-within\/","title":{"rendered":"The Threat From Within"},"content":{"rendered":"

Last month, we reported on Yahoo\u2019s biggest ever data breach affecting over 500 million users. In reality, barely a day goes past without a big corporate falling victim to a hacking attempt. <\/span><\/em><\/p>\r\n

It\u2019s a very real issue \u2013 the online world we live in is full of opportunity, but also risk. Which is why safeguarding information is paramount. Learn how ISO 27001 certification<\/a> can enhance your information security management, or explore our full guide to ISO 27001<\/a> for comprehensive details.<\/span><\/p>\r\n

Government is urging small businesses to take preventative measures too, following their figures showing 60% of small businesses becoming victim of a cyber breach during 2014.<\/p>\r\n

The Elephant in the Room<\/h2>\r\n

Despite the warnings, it\u2019s understandable for small business owners to be sceptical of the chances of being targeted by a crack team of hackers. And yet, there\u2019s always been an ever-present threat that could easily become a real-world nightmare. It\u2019s not a new malware threat, or phishing scam \u2013 it\u2019s our own people.<\/p>\r\n

More than 60% of security events are the result of an inside attack. In some cases, insider threats can be more<\/em> financially damaging and more difficult to defend against. After all, external threats involve someone trying to break in, whereas your staff already have the keys to the front door and knows where the family jewels are stored.<\/p>\r\n

More than 60% of security events are the result of an inside attack<\/span><\/h4>\r\n

The majority of \u2018breaches\u2019 are from people unintentionally compromising your company\u2019s security \u2013 Kaspersky Lab\u2019s research shows that 42% of confidential data loss is by staff<\/a>. They don\u2019t mean to, it\u2019s just that the nature of their job gives them direct access to highly sensitive data. How much information do your IT personnel have access to, for example? The most common answer in a small business is \u201ceverything\u201d.<\/p>\r\n

However, it\u2019s not just human error or a lack of controls that let us down \u2013 disgruntled employees are a major source of data breaches. According to the National Cybersecurity Institute, it\u2019s become a top concern over the headline-grabbing hacks.<\/p>\r\n

Oft-cited examples include sales people who walk into new jobs with leads and important company information from their previous employer.<\/p>\r\n

With this sort of scenario, a solid process for when people leave the company is an obvious answer to minimise the risk. However, behaviours need to be monitored too. If work performance drops off, for example, then it should raise a flag.<\/p>\r\n

\r\n

40% of people who have access to a corporate infrastructure use the same login on other sites such as Facebook<\/span><\/h4>\r\n<\/blockquote>\r\n

A spat that can turn into someone being fired can be a catalyst for revenge. A company that doesn\u2019t have the right protocols in place are then suddenly incredibly vulnerable. Instances of systems being corrupted, important data being deleted and company secrets being shared with competition are commonplace.<\/p>\r\n

This problem can be managed with good processes \u2013 every business should have plans in place for these kind of \u2018what if\u2019 scenarios. However, the reality is, employees who are fully engaged and appreciated are less likely to be motivated to commit a crime on the job.<\/p>\r\n

Fixing the Basics<\/h2>\r\n

Cyber and data security may sound complicated and expensive, but in reality it\u2019s simple \u2013 and free \u2013 to make big impacts with small steps:<\/p>\r\n