Bangkok: Insider threats, a silent and often overlooked danger within organizations, emerge as a significant cybersecurity concern. As verified by Air Vice Marshal Amorn Chomchey, Secretary-General of the National Cyber Security Committee, in an interview on April 23, 2026, these threats arise when "insiders," such as current or former employees and contractors, exploit their access to an organization's systems and data, inflicting damage that can exceed expectations.
According to Thai News Agency, insider threats are responsible for over 80% of hacking and data breaches. These threats can be unintentional, caused by negligence or lack of knowledge, such as inadvertently clicking on phishing email links or system misuse leading to data leaks. Alternatively, they can arise from malicious intent, where individuals might steal confidential information or misuse login credentials for personal gain.
Organizations are encouraged to adopt a dual-faceted defensive strategy to mitigate these risks. First, they should establish clear rules and provide comprehensive cybersecurity training to raise awareness and prevent unintentional incidents. Second, implementing technical inspection measures, like restricting computer and email access and using systems to detect abnormal behavior, is crucial.
A critical aspect often overlooked is the "off-boarding" process. When employees leave, organizations must ensure all company IT equipment is returned, user accounts are disabled, and access permissions are revoked to prevent former employees from accessing company data.
In conclusion, insider threats are invisible dangers that require proactive measures beyond strong firewalls. Organizations must focus on appropriate access control and cultivating a culture of security awareness among employees to prevent potential damage from these silent threats.