Human Factors and the Insider Threat - Research Paper Example

Human Factors and the Insider Threat Human Factors and the Insider Threat‎ With the increased use of internet throughout the globe, there is an increase seen in the cybercrimes as well. In order to maintain the cyber security of people under their fundamental right to be secure, it is necessary to assess the human aspects and challenges of cyber security. Cyberspace increases our social interactions, social performances, improves business models, and all in all it makes our personal lives better and interactive through communicating anywhere in the world. But on the other hand, there is a range of security problems that may take place affecting the lives of the people engaged in cyberspace. The cyber security is a framework which enables the users to protect their cyber assets through preventing, detecting, countering and recovering the cyber incidents (Mehan, 2008). Although many practitioners assess the cyber security as a technical approach, there are many human aspects of acquiring cyber security. It is important to understand the significance of human contribution in the cyber security processes. Incorporating human behavior into the process can lead to a more efficient use of cyber space and reduction in cybercrime. Cyber security is dealt with not only access to technology but also to the understanding of the human user. There are many aspects of human behavior that make the cyber security processes effective in which education and training play an important role. It has been a long debate that technology advanced and gives the humans a better way of living but due to the human behavior, most of the times the technologies are exploited, wasted and misused. It is important to use the cyberspace without interfering and annoying other users. This will reduce the amount of cybercrimes which includes hacking, transferring the data and others. With effective human factors, a cyber environment can be created which provides the users with all the functions along with personal and national security (Shinder & Cross, 2008). There are many challenges in managing the human aspects of cyber security. Cybercrimes take place at a high rate including personal information being leaked, invasion in the data of national concern, hacking accounts etc. The reasons for the cybercrimes may be many from personal to professional. Any person who has the expertise in computers and cyberspace can hack or access any user’s information. Many times it is unknown to the user that who committed the action. However, managing the cybercrimes can be very challenging as recently seen it has become a challenge for the law enforcement agencies as well. As the newly emerged type of crime, the national security departments and law enforcers of many countries are making efforts to manage the number of cybercrimes occurring in year. They have been successful to a certain extent but are still facing plenty of challenged in fighting cybercrime (Schell & Martin, 2004). Many of the organizations nowadays use information technology to carry out their activities, save business models and other important purposes. This increases the rate of cybercrimes in organizations. Organizations have external and internal cyber but internal attacks are yet more harmful to the business than external. Often business managers think that the insider is the IT worker who has the access and expertise to the data information of the system, however this is not true. An insider can be any employee who has the knowledge about computers and data management. Nowadays the insiders are a major threat to many organizations and their acts can be threatening to the business cost and reputation. Insiders can also be the non technical employees working in the business and using computers at workplace because in this century, humans tend to have a better understanding of technology than in the past. In order to manage the human factors in organizations, the business should enforce policy measures of using technology; hire security professionals and applying cyber controls. The human factors of cyber security and the insider threats are evident through the examples of Lockheed Martin Company and Boeing Company both of which are huge companies facing cybercrimes (William, 2008). Lockheed Martin Company: Lockheed Martin Company is a global security, aerospace and defense company. It uses immense advanced technologies and IT services. The basic mission is to provide the US government with IT services and systems integration. Their business operates with the US Department of Defense and the federal government agencies. The company holds a global position and thus employs more than 100,000 people worldwide. Since most of the employees are IT professionals with expert knowledge and the company dealings are through cyber networking, the company has long experienced cyber threats and cybercrime through insiders and external sources. Major events took place in the past two years because of which the company has taken serious actions and it has been a wakeup call for many other organizations (Brenner, 2010). Lockheed Martin faced a cyber attack in 2011 which used the previously stolen EMC files. However, the company had managed to stop the malicious attack before there was any attack to the critical data. In 2008 October the company launched the cyber-defense operations due to the many cyber attacks that took place. It was however, shocking for the company that hackers were targeting a company which was specialized in defense against them. On 21st May 2011, the company’s networks were attacked immensely and it was reported that it caused major internal disruption, but no customer or employee’s personal data was compromised. However much of the information is not publicized. Lockheed Martin partnered with the Department of Defense Cyber Crime Center which is a digital forensic lab in order to maintain the cyber security after the immense number of threats they received. The company’s suppliers have also been targeted and the nature of the supplier’s services. The center provides security to the company’s services, suppliers and data networking to protect the company from external and insider threats and vulnerabilities (Brenner, 2010). Threats and Vulnerabilities of Lockheed Martin: The company has carried out immense actions to deal with the security threats and vulnerabilities to lower them to the extent possible. In 2012, Lockheed Martin received cyber security threat information, and in order to assess the vulnerability the company carried out an analytical approach which protected the cyber environment of the company. A comprehensive security vulnerability assessment is drawn to ensure that the weaknesses have been mitigated. The vulnerabilities and threats to the company, according to the past events, came from insiders and external sources both. The Boeing Company: The Boeing Company is an aerospace and defense company which deals in various multinational aircrafts and defense systems. The company has a large IT department as it operates in technical systems. The company has received cyber threats since a long time about invading their systems. The multinational company employees several IT professionals, engineers, and experts to operate their systems. Cyber criminals have been a threat to the company and they can affect the company’s computer systems in order to access the data and operational functions. The cyber criminals belong to the company’s employees, partners or suppliers. This means that the company is facing inside threats which could harm the company’s services to customers and their reputation (Pour, 2006). In order to deal with the cyber threats and attacks, the company has introduced many methods and techniques. The company has introduced a One-Time Password for the suppliers to access to the information. They have managed their supplier identity so that the information is not accessible to a large number of employees. According to the past events of cybercrimes in the company, many employees or suppliers have tried to steal the login credentials and access to the unauthorized information. The Boeing Company has taken many steps to reduce the cyber attacks made on the company’s operational services. They have an effective defense system which monitors the cyber activities of all the employees giving them the security of their personal information. This is important because insiders can harm the company immensely than the external sources. Boeing has made huge investments on the cyber security to ensure that their operations are secure. Cyber attacking on Boeing means to attack on the national security and thus, severe actions are taken against criminals who are identified through the forensic examinations (Pour, 2006). Threats and Vulnerabilities of Boeing: Since the cyber attacks on the company are increasing, there is a need to adopt the information security framework and ensure that it is clear. These software vulnerabilities tend to increase the exposure of intellectual property to the unauthorized users. There has also been an increase in the insider threats to the Information Technology infrastructure and proprietary information. Thus the company adopts a methodology for the security risk management to be effective on the security threat environment. The framework is prevention, detection and then response. References Brenner, S. (2010). Cybercrime: Criminal Threats from Cyberspace. NJ: ABC-CLIO Mehan, J. (2008). CyberWar, CyberTerror, CyberCrime. NY: IT Governance Ltd. Pour, M. (2006). Emerging Trends and Challenges in Information Technology Management. Tononto: Idea Group Inc (IGI) Schell, B. & Martin, C. (2004). Cybercrime: A Reference Handbook. NJ: ABC-CLIO Shinder, D. & Cross, M. (2008). Scene of the Cybercrime. London: Syngress William, S. (2008). Computer Security: Principles And Practice. New Delhi: Pearson Education India Read More