Professional Documents
Culture Documents
Cis Paper 111
Cis Paper 111
External threats for cyber terrorism are a lesser worry for financial institutions when
compared to internal threats. The primary causation for an insider threat is not malicious, it is
Ponemon Institute, among a total of 874 cyber attacks, 568 were caused by employee
ignorance (Ponemon, 2016). These data breaches can come from employees not respecting
their company’s internal controls. Some examples of this include sharing passwords, using an
unsecured internet connection, and/or using a business device without a password. Companies
often give unrestricted and excessive access to more employees than required. Although
human error is the leading cause of cyber attacks, there are certainly attacks with harmful intent.
Some insider threats result from an anger-driven employee or a current employee trying
to gain extra income. This category separates itself from human error to the intention of harming
the institution. A current employee with an immense amount of access will have knowledge of
exactly what resides on the networks and how to gain access to them. Employees may engage
in this to commit fraud, destroy or manipulate data, or disclose sensitive information. In 2018, a
study reported that 90 percent of cybersecurity professionals stated that their company is
Many financial institutions do not have the appropriate controls to detect and prevent a
cyber attack. The cost to implement a high-scale security system can be too expensive for some
institutions, but receiving an attack is often more costly. The average cyber attack in 2018 cost
the company an estimated five million dollars (CSO, 2018). A company that gets attacked may
fall into bankruptcy if they do not have a large income. This is forcing companies to maintain the
The most basic steps that will improve cyber security will make it more difficult for
hackers to find vulnerabilities. Training staff members on the potential of an attack is critical.
Employees need to be taught to strictly obey the companies controls to limit the possibility of
attack. The environment of vulnerabilities is constantly changing which will require companies to
constantly update and test the staff. With human error being the most likely causation,
ALi, Zehra. “Insider Threats - 2018 Statistics.” United States Cybersecurity Magazine, 21
Feb. 2019, www.uscybersecurity.net/insider-threats-2018-statistics/.
Fruhlinger, Josh. “Top Cybersecurity Facts, Figures and Statistics for 2018.” CSO
Online, CSO, 10 Oct. 2018, www.csoonline.com/article/3153707/top-cybersecurity