DEALING WITH THE INSIDER THREAT 2
Dealing With the Insider Threat
Insider threats are malicious threats that an organization is exposed to through people
from within that organization. These people may include employees, former employees, business
associates and other stakeholders who are responsible for the day to day running of the
organization. Security threats, therefore, result because these people have a lot of information
concerning the company that may be leaked to malicious people or can be used by the insiders
themselves to sabotage the operations of the organization (Aldhizer III, 2008). Kelly suggests
that the biggest threat to an enterprise is the end users who are mostly targeted by attackers
because they are considered the weakest link to breaking into the security systems of that
organization (2006). They can not only be influenced and lured into sharing critical information
with outsiders but can also take part in malicious activities especially in cases of conflict because
they have an understanding of the security protocols and have legitimate access to the computer
systems of the company.
Technical solutions will, therefore, solve part of the problem but it is not the ultimate
solution. According to Kelly (2006) banking on security technologies alone cannot guarantee the
security of an organization. Resources have to be allocated to finance training programs for
employees and other internal stakeholders of an organization. Due to ignorance, employees
sometimes give out information without knowing the intentions of the other person or without
their knowledge that what they are sharing may have catastrophic impacts on the organization if
it is used by malicious people against it. With that in mind, senior members of staff and other
decision makers in an organization have to ensure that both technical measures and training
programs have to be applied to improve insulation against external attackers.
