Alongside the war in Ukraine, the cost of living crisis dominates world headlines. While there has been plenty of attention on the elevated cyber threat posed by Russia, very little has been said about how people struggling to make ends meet may impact an organisation's cybersecurity.
But why would the price of fish impact your cybersecurity? In times of economic hardship or crisis, the risk posed by insiders goes up. Human factors remain the easiest path to gain access to places you're not invited. Consequently threat actors will target employees with bribes in order to facilitate virtual or physical access to facilities. Desperate workers may seek to illicitly obtain funds or intellectual property for their own benefit or others.
A reliable way to consistently consider the insider threat can be broken into three categories:
1 - Witting and malicious: They have a grudge or are fearful of losing their jobs and seek to increase their income/value recognising their actions could damage their company;
2 - Witting and non-malicious: They feel pressured and consciously circumvent controls in order to get the job done, but did not intend to damage their employer; and
3 - Non-witting and non-malicious: The employee just didn't know what they were doing could cause harm to their organisation.
Typically, where organisations even consider the insider threat they focus on malicious insiders. A coalition from across the organisation of operations, legal and technology specialists are needed in order to prevent disruption, fraud or loss of IP.
Tools alone won't mitigate this risk - they might detect it, but by then it will be too late and your crown jewels or cash may already be in the hands of someone else.