The Insider Threat

According to the latest UK Cyber Breaches statistics, three-quarters of large organisations suffered a staff-related breach and nearly one-third of small organisations had a similar occurrence within the last year.

That’s why the topic for the East Midlands regional cyber security forum last Autumn was “insider threat!”

The East Midlands branches of the Institute of Information Security Professionals (IISP) and the UK Cyber Security Forum, regularly join together with the East Midlands Chambers of Commerce to put on events that provide a platform for those with an interest in cyber security to come together.

East Midlands Cyber Security Forum partner organisations

So what is the insider threat?

Insider Threat October 2015 Event cover image

An insider threat is most simply defined as a security threat that originates from within the organisation being attacked or targeted, often an employee or representative of an organisation or enterprise.

An insider threat does not have to be a present employee or stakeholder, but can also be a former employee, board member, or anyone who at one time had access to proprietary or confidential information from within an organisation or entity.

Insider threats can be both intentional and unintentional, and the term can also refer to an individual who gains insider access using false credentials but who is not a true employee or representative of the organisation.

What insider threats were covered?

David Benford, Managing Director at Blackstage Forensics Limited, delivered the main presentation for the evening, which concentrated on how information obtained from social media could help cyber criminals.

We then had a couple of case studies to give real-life examples of how organisations have tackled the insider threat.

Gill Ince, Head of Security, Risk and Information at HMRC looked at the insider threat from two perspectives: deliberate and malicious action; she also advised on some of the mistakes and errors which can cause security problems.

Simon Heron, Chief Technical Officer at Redscan, then gave a brief overview of how, as an SME, his organisation had attempted to tackle insider threat.

See all the resources from the Insider Threat event

Looking ahead – what’s in store for 2016?

Planning is already in full swing for this year. The next East Midlands Cyber Security Forum event will be on January 28th at De Montfort University in Leicester, looking at Internet of Things security.

80% of the attendees at the Insider Threat event said they would be very or extremely likely to recommend it to a colleague. So why not come along next time, we’d love to see you.