Who’s Worried About the Insider?

A recent article by Marcia Savage Link Here, cites an (ISC)2 study conducted by Frost and Sullivan. 51% of 7,548 information security pros word wide said “internal employees pose the biggest threat to their organizations.” This is a significant number, but the industry should be more worried about the insider — especially the malicious insider. These internal threats are divided into two categories: 1) employees who do foolish things (leave their laptop in a taxi cab) 2) employees who are malicious (they look to earn extra money, or just want to harm their employer). The foolish employees are easier to deal with: first, educate them, give them some tools (disk encryption), then, fire them if they can’t protect the companies assets. The malicious employees are the ones that have motive to do great damage, the knowledge to inflict the most damage or steal the most valuable, and the access to perpetrate their misdeed. Here is where focus must be placed because it is here where the greatest damage to the enterprise can occur.