Mitigation Strategies for Unintentional Insider Threats on Information Leaks

Abstract

Information leakage is a major concern for many organizations. Information leakage becomes critical when the perpetrator is an insider. One often overlooked on the security breach that are caused by unintentional human behaviour in organizational daily activities. Human behaviour that poses a critical risk in organization includes human error, omitted security behaviour and the practice of security shadow IT. These unintentional acts are an important source of risk to information assets especially with the current challenges brought by the social media phenomena such as Bring Your Own Devices (BYOD) to office, and social engineering attacks. Technology alone cannot guarantee a secure environment for information assets. Appropriate risk analysis, monitoring and auditing of technology, organizational culture, people and procedures are crucial strategies in managing information security management. This paper aims to discuss human errors and behavioural activities in daily job activities that are exposed to current security breaches. The mitigation strategies for current threats posed by unintentional insider activities are also presented.