Cybersecurity: The Human Factor

People are the weakest link in any cybersecurity system.  Conversations about the cyber issue typically focus on systems, the primary targets of hackers and cyber criminals, as opposed to the people using them. Hackers can always count on the “human factor”— whether it’s an innocent mistake or calculated malfeasance—to help them gain access to an otherwise secure system.

Malicious insiders are usually disgruntled employees who retaliate against their employers (or former employers) by exploiting their understanding of or control over the network in question. Due to network privileges, insiders have the capability to do incredible damage.  For example, in 2008, a network administrator for the city of San Francisco was fired and subsequently locked the entire city administration out of its own network. He was able to use his privileged position to hurt the city government in a way that few outsiders could. Malicious insiders also sell or release confidential information that belonged to their employer. Edward Snowden, the former National Security Agency contractor who leaked classified documents that exposed NSA global surveillance activities, is arguably the most famous example of this type of insider threat.