WHAT IS INSIDER RISK AND WHY WORRY ABOUT IT?

The UK National Protective Security Agency defines an insider as "any person who has, or previously had, authorised access to or knowledge of the organisation’s resources, including people, processes, information, technology, and facilities." See https://www.npsa.gov.uk/insider-risk for more details.

Therefore, an insider could be a member of staff, a supplier or export partner. 

Somebody with privileged access to an organisation can, through IP theft, sabotage, workplace violence or fraud, cause severe harm to important assets, reputation, legal compliance and financial success. While most organisations' security programmes focus on external threats, they miss the harm that can be done - physical, information and cyber - by an insider.

Contact us if you want to know more about how Argonaut can help you understand and deal with these risks in a cost-effective and thoughtful way so that you can focus on doing what you do best. 

Accidental Insider

Unlike malicious insiders who intentionally exploit vulnerabilities, accidental insiders inadvertently compromise sensitive information or systems due to ignorance, carelessness, or lack of awareness.

While their actions are unintentional, the consequences can be severe, resulting in financial losses, reputational damage, or legal implications for the organisation.

Negligent Insider

A negligent insider refers to someone who intentionally does not follow security rules and risks the compromise of sensitive information or systems. These insiders may possess legitimate access to company resources, but due to their lack of adherence to security protocols, they inadvertently cause harm.

A negligent insider's actions can weaken an organisation's overall security posture and set an example for future breaches.  

Malicious Insider

A malicious insider is an individual who intentionally and, potentially, unlawfully exploits their access to sensitive information or systems for personal gain or to harm the organisation.

Whilst most malicious insiders transition from risk to threat inside an organisation and therefore do not join expecting to cause harm, sometimes a person penetrates an organisation with a view to doing just that.

Coerced Insider

There are numerous examples of individuals forced to engage in insider threat activity, such as robbery or espionage.

Like all types of insider risk, anyone can enable access for a third party to cause harm to an organisation.
