The greatest risk to organizations usually comes from their own employees.
Employees pose a special problem. Insiders can do far more damage than an outsider can do. They are in the best position to damage your company: they’re already inside; they have access and authority; they know their way around; they can move about without attracting attention; and they get paid to do it by you. They form friendships and alliances within the company that may unwittingly abet or cover their activity. They can steal inventory or proprietary information, defraud you of money, and sell personal or customer information. They can pass sensitive security information on to outsiders for use in robberies or terrorist attacks, physically hurt or kill your employees, plant viruses behind your firewalls, and cause good employees to abandon your company.
Sometimes, they don't even realize they're doing it.
Most of an organization's losses tend to come from their own employees, and outside of the security department, no one likes to talk about it.
An effective way to reduce insider risk is through an insider risk working group (IRWG). Many of the measures used to reduce this type of risk are already being done, but an effective program will ensure that all important functions are covered and there are no gaps. Managed properly, an insider risk program will improve security awareness by all, reduce risk, and engage employees.
Bridgehead Security Consulting can help you to establish and train your IRWG and provide guidance as you implement your program.