Dear Bloggers,

To coincide with our reading from week 4, I've found an article giving us better insight into insider threats.

In opposition to external threats which are often reported, there is, more often than not, a lack of reporting regarding insider threats for two reasons: organizations either didn't know about the threat or didn't want to report the threat. While companies seem to be all geared up to fight the good fight against external threats, they simply are not "prepared or equipped" (Cortiss, 2012) to battle the threats from inside the organization.

Our author details in the article that while malicious threats from organization are low, incidents regarding "erroneous or accidental breaches" (Cortiss, 2012) are happening at a rate that in a cause for concern. Examples of these include choosing 'reply to all' instead of just a simple 'reply' and sending email not only to the person you intended to send the email to but also to the entire global address book.........oopsie!

Threats from inside the organization are coming more popularly in the forms of third party contractors, blending personal and work information on the same portable device, and in conjunction with that, a "phenomenon" (Cortiss, 2012) our author describes as BYOD or Bring Your Own Device.

It's up to the organization to be proactive and implement security training and make sure their employees know what they can do regarding "appropriate custodial care of data" (Cotriss, 2012) to be a safer organization.

Until next time......


Reference
Cotriss, D. (2012, July).Danger within: Insider threat. Retrieved from http://www.scmagazine.com/danger-within-insider-threat/article/245432/