For three years, researchers from the Faculty of Mathematics and Informatics at Vilnius University (VU), together with an international multidisciplinary research team, have been investigating human capabilities and risks at all stages of the cyber kill-chain chain.
Can a dissatisfied employee pose a threat to the company?
The definition of insider threat may seem to refer only to malicious individuals who infiltrate an organisation to gain access to certain secrets, or to angry, vindictive employees who destroy or damage important information or equipment when they leave work. This is probably the place where the images of a famous spy movie come to mind. If we search the media's historical records, we would certainly find such examples in Lithuania, too, without the need for fiction. There are various reasons why people behave as they do.
Does it seem to be just a question of values? Has anyone ever thought of themselves as an internal threat to the organisation? Someone who thinks that he or she is abiding by the existing moral norms that are valid in society and do not take some kind of revenge action that goes beyond the bounds of legality. The definition of an insider threat does not include only current or former employees who are specifically malicious. Some incidents are the result of unintentional actions.
Cyberpsychologist prof. Stefan Sütterlin says: “Even any one of us can at some point be an insider threat to an organisation. A typical example is the unintended leakage of sensitive data that was negligently sent to the wrong recipient. On a different note, a very often underestimated risk factor for insider threats lies in the hand of the organisation itself, and how it reacts to possible cases. Insensitively conducted investigations amongst innocent employees cost trust and loyalty towards the employer, planting the seed of disappointment and detachment.”
How to protect yourself from cybercrime?
Curious about enhancing cybersecurity skills, preventing insider threats, and essential consumer insights on cybersecurity? Join the event on December 7 for the concluding event of the ADVANCES project: “Stronger Together - Collaboration in Building Cyber Resilience” at the Scholarly Communication and Information Centre.
In the conference, we’ll delve into the societal aspect, focusing on individuals targeted in cyber attacks. The agenda features presentations from partners and guests, including a panel discussion on education extending beyond the cybersecurity community. A professor will address the psychological origins of insider threats. The ADVANCES project eagerly welcomes those recognizing that cybersecurity concerns us all, emphasizing the importance of not leaving its challenges solely to professionals.
