Insider Risk

Why Trust is not Enough

By Veriato Team

Typically “insider threats” are defined as individuals with malicious intent: the employee who was passed over for a promotion, the developer who insists that code she was paid to develop belongs to her, the contractor who installs malware on the POS system, and so forth. However, there is another group of potential insider threats. These individuals may not have malicious intent and may be quite loyal to the company, its strategy, and its future success.

They are in a position of trust within the enterprise. From a cyber security perspective, however, the unfettered access these individuals have to some or all of the company’s sensitive cyber assets is cause for concern. Consequently, these individuals are in what may be defined as “high-risk” positions. Not that the company has a reason to be concerned about the intent, motives, or loyalty of these individuals under normal circumstances.

However, it is possible that the access these people have to high-value and critical assets may be used in ways other than for the intended company purposes.

Trusted insiders may use their access to satisfy their curiosity. Imposters may steal their authentication credentials. It may even be possible that these people may be placed under excessive duress – such as from a credible threat of physical harm against family members. Even if individuals in high-risk positions remained loyal and dedicated to the company, attackers could leverage their privileged access such that the company could be made to suffer irreparable harm.

Furthermore, malicious intent is not the root of insider threats. Consider, companies necessarily need some individuals with elevated system access to perform certain roles. The individuals in these high-risk positions are necessarily entrusted with access to valuable cyber assets – and most of these individuals perform their regular duties with loyalty and dedication to the company.

Surprisingly, though, these same people through simple negligence cause 68% of insider incidences. Intent is not the root of insider threats authenticated access to assets is.

How to Rebrand
“Bossware”at Your
Company

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida. Risus

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Employee Monitoring Resources

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...

When To be Suspicious About Work-From-Home Employees (or Not)

When To be Suspicious About Work-From-Home Employees (or Not)

Perhaps someone doesn’t answer a Slack message as quickly as they should, or they have long hours blocked on their calendar. Maybe someone doesn’t seem motivated during team meetings or they are slow to complete work. While research has shown that overall,...

Avoid These Employee Monitoring Blunders

Avoid These Employee Monitoring Blunders

In September 2021, 45% of full-time employees were still working remotely, and the trend is hard to reverse. People like the freedom of working from home. Without a commute, they save time. Without a boss looming in the background, they can multi-task at home. And,...