THE HUMAN FACTOR: WHY YOUR EMPLOYEES MAY BE YOUR BIGGEST CYBER SECURITY RISK
Cyber security experts gathered in London this week to discuss why employees can be their own organisations’ worst enemies – and how to tackle the problem – at a roundtable hosted by Balabit.
Introducing the discussion, Bob Tarzey, an analyst and director at Quocirca, said “anybody can do something stupid” and become an accidental threat. But at the other end of the spectrum, there are also malicious insiders who work against their own companies.
Dr Lee Hadlington, senior lecturer in cognitive psychology at De Montfort University, said the human factor is “the most complicated element that you could ever engage with” and explained that there are many different reasons why employees go rogue.
“That might be someone who is disgruntled,” he said. “They could have a financial motive at their heart, personality factors, amorality, extraversion, opposition to authority…”
It was suggested that vetting could help to screen out employees with these traits, but Hadlington argued that by building a profile of an insider threat, firms could actually “miss out on the unknowns”, letting other malicious actors in and sending away talented hires.
“Working in the area that I have been for the last five years – cyber security – my default setting is paranoid,” he told the group of information security experts.