Insider threat - Managing people security
Published on 22 January 2020
Contents
- Introduction
- What is financial crime?
- What is ‘insider threat’?
- The Fraud Ratio
- Unusual behaviour in the workplace
- Risk areas
- What types of threat do organisations experience?
- What does the insider threat look like?
- Privileged users
- Robust recruitment
- Behavioural 'red flags'
- What can you do to protect your organisation?
- Conclusion
- Glossary of terms
- References and additional reading
What types of threat do organisations experience?
Unintentional threats come from people who, without intending to cause harm, carry out some action which damages the organisation. This could be as simple as someone clicking on a link in a phishing email or inserting an infected USB stick into their networked computer.
Disgruntled employees or former employees could pose a threat to their organisation if their accesses are not properly managed. Access includes physical access to buildings and other physical assets as well as access to IT systems, applications and other web based accounts.
Administration access rights abuses are particularly dangerous for an organisation: these happen when someone who has legitimate access to systems abuses their access rights to compromise data or exploit weaknesses in a system (see Privileged Users).