I C T M AT T E R S
CYBER SECURITY
Cyber Security: Looking inwards
O
GARY HENDERSON, ANME Ambassador and director of IT at Millfield School, discusses why we should be looking at the internal risks as well as the external risks when considering Cyber Security
ften when looking at cyber security, and by association at data protection, we focus on the external risks. We focus on: ● managing vulnerabilities which an external threat might use to access our systems and data ● on managing and monitoring the areas on our network where an external threat may gain access ● managing the security of our data solutions in relation to attempts at external access.
24
Summer 2022
We look outwards for the dangers, and I suspect, given all we constantly see in the press regarding organisations suffering externally driven cyber incidents, this is becoming all the more common. Yet a recent article regarding a disgruntled ex-IT staff member got me thinking that maybe we aren’t sufficiently considering the internal risks. ACCIDENTAL DISCLOSURE I feel accidental disclosures of data go largely unreported and therefore any statistics in relation to how often they
happen would be massively underrepresentative. Accidental disclosure might include where data is disclosed by accident in an email or via sharing functionality. The most common scenario is when the email is sent accidentally to the wrong person. Although sharing functionality in Google and Microsoft also allows for sharing files with the wrong person or for permissions to be misconfigured accidentally, allowing unintended users to have access. We need to accept that mistakes will happen, and I am afraid this will