HR Capability, HR technology and systems, Legal

The (cyber)threat from within

By Rachael Brown, HRM Online

“Life is short. Have an affair.” So goes the tagline for dating website Ashley Madison, which matches married people looking to have an extramarital relationship. However, the hack and subsequent release of the extremely sensitive personal information for its 37 million users reveals that life, especially in cyber space, is also insecure.

Breaches like this have happened to private and public sector organisations before, but the number, type and sophistication of threats continues to grow and can encompass cyber espionage, crime or attacks. The stakes are very high for some, especially organisations that keep records of sensitive user data that has severe real-world consequences if made public. Losses can amount to more than just financial or system damage – reputations and personal safety are also on the line.

Although the majority of attacks come from external sources, an increasing number of cyber attacks start internally. A 2013 study from security firm Clearswift says one in three employees would sell company secrets for $10,000. Some employees don’t even require monetary incentive; access to company data or intel in the hands of a disgruntled employee can spell disaster.

In an interview after the initial release of data, Noel Biderman, CEO of the company that runs Ashley Madison, said: “We’re on the doorstep of confirming who we believe is the culprit … It was definitely a person here that was not an employee but certainly had touched our technical services.”

Clearly, one person can do a lot of damage. However, not all internal breaches are done maliciously. Employees must understand the role they play in safeguarding against data breaches. Certain departments are more likely to harbour potential cyber security threats as the very nature of some roles mean individuals that work there are given access to sensitive information: finance, information technology and senior management are just a few examples.

The Ashley Madison incident means cyber security is once again making headlines. The reality of today’s business is that all organisations connected to the internet – and that would be most of them – are vulnerable to cyber attacks from within. How can companies hope to protect themselves from a breach when the biggest threat might be within their own walls?

HRMonthly magazine will be featuring an in-depth look into internal cyber threats and what companies can do about them in its October technology issue. To get the full story and receive your copy of this important issue, become an AHRI member today.

Subscribe to receive comments
Notify me of
guest

0 Comments
Inline Feedbacks
View all comments
More on HRM
COVID-19
COVID-19 has accelerated, not disrupted, HR trends
21 May, 2020 5 minute read
HR Capability
What HR looks like in Emergency Services
5 November, 2019 5 minute read
Certification
What happens when an organisation has no HR?
31 July, 2018 4 minute read
HOW TO
Culture Leadership
51 per cent of people have to work overtime to account for meeting overload
5 April, 2024 7 minute read
How to's
HR’s guide to developing and presenting a board report
14 February, 2024 5 minute read
Health, wellbeing and safety
5 tips to reverse the symptoms of burnout
19 December, 2023 7 minute read
Jobs board
Senior Advisor – Clerk Grade 9/10 – Industrial Relations and Workplace – Ongoing
View this role
View all
HR Capability, HR technology and systems, Legal

The (cyber)threat from within

By Rachael Brown, HRM Online

“Life is short. Have an affair.” So goes the tagline for dating website Ashley Madison, which matches married people looking to have an extramarital relationship. However, the hack and subsequent release of the extremely sensitive personal information for its 37 million users reveals that life, especially in cyber space, is also insecure.

Breaches like this have happened to private and public sector organisations before, but the number, type and sophistication of threats continues to grow and can encompass cyber espionage, crime or attacks. The stakes are very high for some, especially organisations that keep records of sensitive user data that has severe real-world consequences if made public. Losses can amount to more than just financial or system damage – reputations and personal safety are also on the line.

Although the majority of attacks come from external sources, an increasing number of cyber attacks start internally. A 2013 study from security firm Clearswift says one in three employees would sell company secrets for $10,000. Some employees don’t even require monetary incentive; access to company data or intel in the hands of a disgruntled employee can spell disaster.

In an interview after the initial release of data, Noel Biderman, CEO of the company that runs Ashley Madison, said: “We’re on the doorstep of confirming who we believe is the culprit … It was definitely a person here that was not an employee but certainly had touched our technical services.”

Clearly, one person can do a lot of damage. However, not all internal breaches are done maliciously. Employees must understand the role they play in safeguarding against data breaches. Certain departments are more likely to harbour potential cyber security threats as the very nature of some roles mean individuals that work there are given access to sensitive information: finance, information technology and senior management are just a few examples.

The Ashley Madison incident means cyber security is once again making headlines. The reality of today’s business is that all organisations connected to the internet – and that would be most of them – are vulnerable to cyber attacks from within. How can companies hope to protect themselves from a breach when the biggest threat might be within their own walls?

HRMonthly magazine will be featuring an in-depth look into internal cyber threats and what companies can do about them in its October technology issue. To get the full story and receive your copy of this important issue, become an AHRI member today.

Subscribe to receive comments
Notify me of
guest

0 Comments
Inline Feedbacks
View all comments
Jobs board
Senior Advisor – Clerk Grade 9/10 – Industrial Relations and Workplace – Ongoing
View this role
View all
More on HRM
COVID-19
COVID-19 has accelerated, not disrupted, HR trends
21 May, 2020 5 minute read
HR Capability
What HR looks like in Emergency Services
5 November, 2019 5 minute read
Certification
What happens when an organisation has no HR?
31 July, 2018 4 minute read
HOW TO
Culture Leadership
51 per cent of people have to work overtime to account for meeting overload
5 April, 2024 7 minute read
How to's
HR’s guide to developing and presenting a board report
14 February, 2024 5 minute read
Health, wellbeing and safety
5 tips to reverse the symptoms of burnout
19 December, 2023 7 minute read
VIDEOS
play_circle_filled
HR strategy, planning and measurement
What makes HR analytics effective?
20 March, 2018 9,305 views
play_circle_filled
Culture and diversity
2 reasons why there aren’t more women in tech
26 February, 2018 7,073 views
play_circle_filled
AHRI Blog
Video: Recruiting top talent, and how to recruit women
13 February, 2018 5,671 views
We use cookies to personalise content, provide social media features, and analyse traffic. You can disable cookies at the browser level, however this can limit your experience with our website. Accept Cookies Learn More