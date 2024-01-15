Cyber incidents caused by the ‘human factor’ are usually attributed to occasional employee errors, but a more important element often overlooked is deliberate malicious behaviour by staff. A new Kaspersky study found that in the past two years, 78 per cent of companies surveyed in the META region have faced cyber incidents in different forms, 23 per cent of which were caused by deliberate malicious behaviour by employees.

There are two main types of insider threats: unintentional and intentional. Unintentional, or accidental threats are employee mistakes such as falling for phishing and other social engineering methods, or sending sensitive and confidential information to the wrong person, etc. In contrast, intentional threats are perpetrated by malicious insiders who deliberately hack into their employer’s systems. They usually do so for financial gain from the sale of sensitive data or as an act of revenge. Malicious insiders aim to disrupt or stop an organisation’s regular business operations, expose IT weaknesses and obtain confidential information. Kaspersky notes that insiders with malicious intentions are the most dangerous of all employees who can provoke cyber incidents. Threats posed by their actions are complicated by several factors including insiders having specific knowledge of an organisation’s infrastructure and processes, including understanding of the information.