The weakest link in most organizations is the employees. In fact, most security breaches involve internal users, a risk often referred to as insider threat.
What Information Might Be Targeted?
Cullison: If you look at it from a data perspective, every organization has some type of data that makes it unique – this could be a customer list or a business strategy – anything that has economic value or is a financial driver. So no organization is immune from insider threat.
Amigorena: Think about all the files and folders that are stored on your organization's internal network – any part of this information could become a target. Putting security measures in place that will track, monitor and restrict data access and movement is therefore hugely valuable. If there aren't any protocols in place for when a breach happens, by the time you find out about it, it could be too late to recover or even minimize the damage.