Ransomware Attacks — Employees could be part of the problem

  • Sabotage — where an employee uses their access to damage data or systems.
  • Espionage — an employee steals information and sells it to a competitor or even hands it over to the government.
  • Fraud — the destruction, modification, or theft of data for purposes of deception.
  • Intellectual Property Theft — an employee steals intellectual property and sells it to other parties or takes it to their next position.
  1. Negligent Workers: Whereas many organizations focus on addressing insiders with malicious intent, the primary challenge is employee negligence. Up to 60% of data breaches are caused by unintentional actions of employees, such as leaving an unencrypted device containing sensitive data in public.
  2. Departing Employees: There’s the risk of employees leaving an organization either voluntarily or involuntarily. The most common threat is the theft of data or intellectual property by employees leaving involuntarily or anticipating a departure.
  3. Security Evaders: Some employees may consider security rules to be inconvenient and a hindrance to productivity. Employees may use security workarounds that leave a business open to compromise. Cybersecurity plans and policies are designed to help protect the company, its data, and employees.
  4. Malicious Insiders: Employees may feel aggrieved by the organization and take revenge by leaking, deleting, or distorting sensitive data. Their motivation will be purely malicious.
  5. Inside Agents: Insiders can be malicious, may be tricked via social engineering, or may be coerced through bribery or blackmail into allowing an external group into the company network. The insider provides their access credentials and associated privileges.
  6. Third-Party Partners: Not all insiders are employees. More than 90% of organizations provide their partners, suppliers, or vendors access to their networks and systems. The third parties may cause damage akin to that of employees with elevated access.
  • Conduct a regular risk assessment to fully grasp the potential impact of insider attacks.
  • Carefully manage the accounts and privileges of all employees and contractors.
  • Schedule regular security awareness training for all staff.
  • Implement 24/7 network and endpoint monitoring to detect anomalous behavior.
  • Undertake penetration testing annually to help identify security improvements to your cybersecurity plan.
  • Undertake a simulated phishing assessment to evaluate vulnerability.

LutinX Inc.
