Mitigating the insider threat

Of the hacking incidents that have been reported, 58% are known or suspected to have come from outsiders, 27% from insiders, and 15% from an unknown origin.

That is to say, an organisation's own employees are responsible for about 30% of all hacks. Disgruntled employees, in particular system administrators, are in a prime position to sabotage their former businesses, and with the onset of the recession the number who might be tempted to take data with them (or, even worse, cripple the system) when they leave is ever increasing.

The threat from insiders is far more dangerous than that of an external hacker – insiders know how the system works and are in an excellent position to cause chaos and then expertly cover their tracks.

What can we do? Well, if you do have to make someone redundant or need to fire them, make sure they don’t see it coming so they have no time to prepare and no time to retaliate. While they are in the boss’s office hearing the news, you need to be disabling their user account and all of their access to the system. If you don’t do this then you risk a major security breach.

In an ideal world, each user should only have access to the data that they need in order to do their job. Other methods such as two-person control should also be in place for important tasks such as removing money or making external payments. System administrators should review each other’s logs on a regular basis to ensure nothing untoward is occurring.
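The two-person control described above, tied to the account-disabling step, as an added example that is not from the original post. The account names, the `PaymentRequest` type and both function names are hypothetical, and the rule assumed here is that a payment needs its requester plus one other person, both with enabled accounts at the moment of release.

```python
from dataclasses import dataclass, field

@dataclass
class PaymentRequest:
    requester: str
    amount: float
    approvals: set = field(default_factory=set)

def approve(req, approver, accounts):
    """Record an approval. `accounts` maps user -> True while the account is enabled."""
    if not accounts.get(approver, False):
        return False, "approver account disabled or unknown"
    if approver == req.requester:
        return False, "requester cannot approve own payment"
    req.approvals.add(approver)
    return True, "recorded"

def can_release(req, accounts, approvers_needed=1):
    """Re-check account status at release time, not only at approval time."""
    if not accounts.get(req.requester, False):
        return False  # requester was disabled after raising the request
    # Approvals from accounts disabled since they approved are discarded.
    live = {a for a in req.approvals if accounts.get(a, False)}
    return len(live) >= approvers_needed

if __name__ == "__main__":
    # Constructed sample accounts; all names are hypothetical.
    accounts = {"alice": True, "bob": True, "dave": True}
    req = PaymentRequest("alice", 5000.0)
    print(approve(req, "alice", accounts))   # self-approval is refused
    print(approve(req, "dave", accounts))    # a second person approves
    print(can_release(req, accounts))
    accounts["dave"] = False                 # dave's account is disabled on dismissal
    print(can_release(req, accounts))        # his earlier approval no longer counts
```

Checking status again in `can_release` matters because an approval given shortly before a dismissal would otherwise still authorise the payment.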

The insider threat is very real and cannot be dismissed.
