Educate Employees About Unintentional and Malicious Insider Threats
Share our post
As we noted in our coverage of 2017’s The Human Factor, a threat intelligence report by Proofpoint, cybercriminals have been relying less on automated exploits in favor of social engineering tactics that launch attacks via your end users’ actions. Given that your current — and former — employees and partners have access to a treasure trove of data and systems, managing end-user risk is more important than ever.
Verizon tracked nearly 8,000 security incidents related to Insider and Privilege Misuse for its 2017 Data Breach Investigations Report (DBIR), with both malicious intent (theft and sale of confidential data, for example) and less nefarious motives (like unauthorized snooping inside of files and accounts) called out in this category. As was noted in the report, “When the threat actor is already inside your defenses, they can be quite a challenge to detect—and most of the incidents are still taking months and years to discover.”
As with other topics, education is critical to improving your organization’s defenses. Our new Insider Threat training series — which includes three interactive mini-modules — can help you combat both malicious insiders and unintentional threat actors using an engaging new feature within our training: branching.
About the Insider Threat Series
Our new mobile-responsive Insider Threat series features the following three mini-modules, each of which is designed to be completed in about 5 to 7 minutes:
Insider Threat Overview – Teaches users how to recognize insider threats and basic best practices that will help them avoid these threats.
Malicious Insider Threat – Uses real-world examples of malicious internal actors and educates end users about behaviors that can indicate threatening or harmful intent.
Unintentional Insider Threat– References real-world examples of how employees can unintentionally inflict damage to corporate data and systems. Also highlights everyday actions employees can take to prevent or mitigate unintended threats.
Furthering our vision of delivering personalized training experiences, these modules introduce a new concept to Wombat training: branching. This interactive form of education allows users to practice decision-making and critical thinking within simulated scenarios that reflect common day-to-day situations. This allows users to explore the consequences of their choices in a no-risk environment and helps them to more clearly understand how their actions can impact the security of your data and systems.