Читать книгу You CAN Stop Stupid - Ira Winkler - Страница 31

Malice is the intent to cause loss to an organization. User malice can take many forms. Sometimes it simply involves theft for personal gain. This theft can be money, physical equipment, data, other valuables, and so on.

Other times people are motivated to cause loss out of revenge for a variety of perceived wrongs. Many organizations are notorious for poor working conditions or their general mistreatment of employees, and it is inevitable that some employees may act out. In these instances, the people might commit theft, destroy property or data, or sabotage the organization's processes or reputation to reduce sales, productivity, or efficiency.

According to Dr. Martha Stout in her book, The Sociopath Next Door (Harmony, 2006), sociopaths make up approximately 4 percent of the population. The FBI estimates that an additional 1 percent of the population will become psychopaths (see www.leb.fbi.gov/articles/featured-articles/psychopathy-an-important-forensic-concept-for-the-21st-century). Combined, this means that 5 percent of the population might do harm if given the opportunity. This can take the form of the previously discussed personal gain or revenge. However, some of these people sometimes just create damage for their personal entertainment.

Frequently, malicious users may work with outsiders. Malicious users can solicit the support from the outsiders to assist with their acts. Alternatively, they can facilitate the crimes of outsiders who approach them. There are a variety of reasons for both scenarios. Whatever the scenario, it is important that you acknowledge it as a possibility.

NOTE Not all user malice comes from greed or hostility. Some users are coerced or manipulated by outside parties. Others find themselves in a desperate financial situation and perform actions that they normally wouldn't. It is important to recognize that it isn't only disgruntled users who can become malicious users.

Malice has caused loss across every industry, so it is important to recognize that UIL may not always be the result of some type of unintentional action. There is frequently a focus on awareness to stop unintentional UIL, but any security or loss mitigation program that does not also consider and mitigate actions due to intentional UIL will fail. Even though an aware user might be one of your best defenses, an aware user can also be your worst enemy if their intent is to use their awareness against you.