$4
Until today, there is no foolproof solution to address the cyber security risks arising from human threats. While it’s easy to implement technical solutions to switch a mechanism on or off to block or remove a threat, it is not possible to totally do the same against human actions or behaviour.
The majority of cyber attacks start with successful entry to the target environment or access to confidential and personal information by exploiting human weakness, also known as vulnerabilities, contributed by human factors.
This eBook explains insider threats, the weakest link in an organisation’s cyber security ecosystem, and outline the measures required to safeguard, combat, and recover from the related cyber risks.
Why is an Insider Threat a Big Concern?
An insider knows (or can quickly learn) where the company stores its most valuable data and about the strengths and weaknesses of the company’s cyber security policy.
An insider with malicious intent, with legitimate access to your IT environment and assets, will not trigger any warning or alerts as he goes about his assigned official tasks or activities.
A malicious insider will know how to avoid having his malicious activities detected during the act. Accidental insiders may be tricked or manipulated into malicious acts that technical controls fail to detect and block. Negligent insiders may not always comply with policies and procedures, leading to the same outcomes as those of accidental insiders.
——————
Here are the two avenues where human vulnerabilities are exploited in cyber attacks:
1. Insiders—your staff, contractors, vendors, trusted collaborators, or partners within the organisation—adopt a weak security posture or possess vulnerabilities that are easily exploited to provide an initial entry point to your environment.
2. Insiders display inherent ignorance, carelessness, emotional attributes, or other weaknesses that are easily exploited for the benefit of malicious actors.
Amelia is a finance professional with over 25 years of leadership experience in corporate banking. Her deep knowledge of Information Security Risks and Controls has helped diverse corporations with the due diligence and controls to operate smoothly with high availability of follow-the-sun global support, leading to increased customer satisfaction and growth. Her accomplishments encompass strategic finance technology including Global Production Support, Global Transaction and Treasury Services (TTS), Application Command Centre, and Technology Centre of Excellence.
After leaving the banking industry, Amelia joined Singapore Management University (SMU) as Academic Director at SMU Financial IT Academy (FITA) to provide financial-service-related technology-management training to working professionals.
Amelia is the CEO of AgilenLite Pte Ltd which she founded in 2017 to provide consulting and training in cyber security, cloud computing, Agile IT project management, and anti-money laundering.
Between 2017 and 2019, AgilenLite delivered training to more than 1,500 working professionals including working professionals from the banking and financial service sectors.
In 2019, AgilenLite led a professional conversion programme for cyber security and cloud computing. This annual programme, known as The Technology in Finance Immersion Program (TFIP), is managed by both IBF and Workforce Singapore (WSG) and gives working professionals three months’ training in cloud computing and cyber security to help them transit into the financial services industry.
Amelia continues to work closely with IBF, SMU, financial service organisations, and technology experts, helping them to stay ahead of the curve in cyber security and other emerging technology trends.
She believes that everyone needs to be equipped with the best knowledge available for a fair chance of finding their passion and developing their skills. Finding our passion helps us reach our fullest potential with vigour and zest for life while helping others do the same.