This brief examines the often overlooked threats from within. Attention has focused primarily on external threats with federal government and industry reports revealing alarming hacking and identity theft statistics. However, threats from within both public and private sector organizations may be even more prevalent than external threats and can have equally if not more serious consequences.
"While technology has allowed state government employees to work-on-the-go and online citizen services are available around the clock, these advances have contributed to greater opportunities for security breaches. In many instances, these risks are the consequences of technological convenience afforded to those inside state government," said Brenda Decker, Chief Information Officer for the State of Nebraska and NASCIO Security and Privacy Committee Co-Chair.
This brief discusses five significant insider threats and provides insight on ways to prevent, detect and respond to them. The threats are as follows:
- Malicious Employees
- Inattentive, Complacent or Untrained Employees
- Contractors and Outsourced Services
- Insufficient IT Security Compliance, Oversight, Authority and Training
- Pervasive Computing-Technology is Everywhere and Data is on the Move