Opinion: The standard depiction of a cyber criminal in Hollywood is an elusive, highly trained person who compromises and seizes control of an organisation’s network from a distance, Scott Leach of Varonis writes.
However, many chief information security officers (CISOs) are equally concerned about bad actors closer to home: their own employees, who don’t necessarily need advanced security skills to cause damage.
While insider threats are not new, several recent developments have made them more of a problem. For one, the pandemic-induced surge in remote working and the trend toward increased employee turnover have made identifying and mitigating insider threats more difficult. Growing geopolitical instability can add fuel to the fire. To make matters worse, ransomware gangs have reportedly offered large bribes to prominent employees within target organisations to gain access to corporate networks.
The threat has grown so large that the Australian Security Intelligence Organisation (ASIO) anticipates espionage will supplant terrorism as Australia’s principal security threat over the next five years.