The phrase “insider threats” is sometimes used in the public domain when talking about cyber security in organisations. But do we often think about what is behind this phrase? Insider threats are people who have or have had access to an organisation's assets or resources and whose actions could cause reputational or financial damage to the organisation. These resources could be sensitive customer data such as health records, sales and purchase transactions or the organisation's intellectual property.
ADVANCES project leader Associate Professor Agnė Brilingaitė
For three years, researchers from the Faculty of Mathematics and Informatics at Vilnius University (VU), together with an international multidisciplinary research team, have been investigating human capabilities and risks at all stages of the cyber kill-chain chain.
Can a dissatisfied employee pose a threat to the company?
The definition of insider threat may seem to refer only to malicious individuals who infiltrate an organisation to gain access to certain secrets, or to angry, vindictive employees who destroy or damage important information or equipment when they leave work. This is probably the place where the images of a famous spy movie come to mind. In fact, if we search the media historical records, we would certainly find such examples in Lithuania, too, without the need for fiction. There are various reasons why people behave as they do.
Does it seem to be just a question of values? Has anyone ever thought of themselves as an internal threat to the organisation? Someone who thinks that he or she is abiding by the existing moral norms that are valid in society and does not take some kind of revenge action that goes beyond the bounds of legality. The definition of an insider threat does not in fact include only current or former employees who are specifically malicious. Some incidents are the result of unintentional actions.
Associate Professor Linas Bukauskas together with Prof. Stefan Sütterlin
Cyberpsychologist prof. Stefan Sütterlin says: „Even any one of us can at some point be an insider threat to an organisation. A typical example is the unintended leakage of sensitive data that were negligently sent to the wrong recipient. On a different note, a very often underestimated risk factor for insider threats lies in the hand of the organisation itself, and how it reacts to possible cases. Insensitively conducted investigations amongst innocent employees cost trust and loyalty towards the employer, planting the seed of disappointment and detachment.“
How can you protect yourself from cybercrime?
Curious about enhancing cybersecurity skills, preventing insider threats, and essential consumer insights on cybersecurity? Join the event on December 7 for the concluding event of the ADVANCES project: "Stronger Together - Collaboration in Building Cyber Resilience" at the MKIC.
In the conference, we'll delve into the societal aspect, focusing on individuals targeted in cyber attacks. The agenda features presentations from partners and guests, including a panel discussion on education extending beyond the cybersecurity community. A professor will address the psychological origins of insider threats. The ADVANCES project eagerly welcomes those recognizing that cybersecurity concerns us all, emphasizing the importance of not leaving its challenges solely to professionals.
The realm of cybersecurity concerns each individual, and we must not delegate its challenges solely to experts. Please refer to the provided link for event registration and the detailed program.
2023-11-30