Non-malicious insiders are those who work for a company or organisation, with no bad intentions towards their employer. However, without knowing, they allow hackers access to networks or data throughout their time at a company.
This may occur from simple, everyday actions, such as sending or receiving emails- employees may make a spelling error in an email address, sending sensitive information to the wrong recipient. Similarly, employees may not understand the importance of their own cyber security practices, forming weak or obvious passwords, or accessing or discussing important information in public. Actions which may be perceived as unimportant or trivial can sometimes create a gap in security which cyber criminals can then take advantage of.
Employees are also often exploited by hackers through social engineering and phishing schemes. Spear-phishing communications can be extremely convincing, and individuals often fall victim to these tactics which hackers use to gain access, information and money.
With a large percentage of cyber attacks only made possible through non-malicious insiders, it is clear that those working for any organisation have a strong ability to affect its cyber security. Through thorough education of all employees of the importance of good cyber security, companies are able to better protect themselves against outsider threats.