1
Insider Threat and Cybersecurity at Street Smith Company
Student name
Course Name
Institution Affiliation
Professor
Date
2
Insider Threat and Cybersecurity at Street Smith Company
Introduction
An organization must protect its systems from multiple cyber threats because insider attacks
are as destructive as external security breaches. An inside threat happens when trusted personnel
misuse their access rights to organizational IT systems (Ogunbodede, n.d). These incidents occur
by purposeful or unintended misuse. Street Smith Company is an example of a malicious insider
threat after Bradley Jones used social engineering to acquire sensitive company information.
Cybersecurity training was administered to employees only a few weeks before their systems'
successful breach.
The executives at Street Smith Company need expert insights about security breaches and
protective steps to avoid future attacks. This paper examines Bradley's position as a company
insider threat, discusses how authentication options might have stopped the attack, and evaluates
password security functions while clarifying access control principles. The paper considers the
connection between access control matrices and data integrity and the requirement for
cybersecurity policies to fortify corporate security platforms.
1. Bradley Jones as an Insider Threat
The cybersecurity risk is known as a malicious insider threat when authorized personnel
named Bradley Jones intentionally use his access privileges to harm his organization. Nassir et
al. (2024) explain that insiders face lower barriers since they initially possess access to
confidential data. The work-related discontent Bradley felt after missing out on a promotion and
anticipating job cuts became the main factor behind his hostile insider actions. His resentful and
selfish motives transformed him into a significant risk factor for organizational security.
3
Multiple indicators indicated that Street Smith Company should have detected Bradley Smith
as a security threat. Bradley chose to display his dissatisfaction through open complaints about
his professional advancement. The security issue of job protection became a crucial concern for
him, and it often emerges in cases involving insider threats. When conducting exceptional project
work, the employee manipulated his colleagues through fake pretenses of wanting file access. He
employed phishing methods by hiding a .html file beneath a legitimate document representation,
which deceived staff into giving away their login information.
The company must use User Behavior Analytics (UBA) to identify abnormal actions that
indicate employees accessing unauthorized files through unrecognized devices (Ogunbodede,
n.d). The organization must perform routine risk assessments to measure employee satisfaction
and workplace grievances. The company should deploy access logging systems with real-time
alerts that detect irregular data requests and operational systems offenses. These security
protocols increase the chances of stopping future incidents of such breaches.
2. Authentication Options to Prevent Future Attacks
Authenticating users is an essential security practice that enables approved persons to access
protected systems and data. Through phishing, Bradley acquired his colleagues' login credentials
at Street Smith Company, thus revealing poor authentication security practices at the company.
According to Ali (2022), the security approach of Multi-Factor Authentication (MFA) stands as
one of the most effective methods to stop these sorts of attacks. Implementing MFA requires
users to submit at least two separate authentication methods, creating an extensive barrier that
blocks unauthorized access attempts. Examples of authentication factors include:
•
Something You Know – A password or security question.
•
Something You Have – A mobile-generated code, smart card, or security token.
4
•
Something You Are – Biometric authentication such as fingerprints or facial
recognition.
The implementation of MFA by Street Smith Company would have prevented Bradley from
accessing sensitive files through stolen credentials because he would need both login credentials
and secondary authentication through a mobile device.
Recommended Role Authentication Policy
The company must establish a Role-Based Access Control (RBAC) framework for higher
security. This policy allows employees to access only the information and systems needed to
perform their work responsibilities (Vitla, n.d). The RBAC policy specifies that marketing
personnel must avoid accessing financial data, and IT staff must prevent viewing confidential
materials from the HR department. The organizational security benefits from RBAC
implementation because this approach minimizes unauthorized data access while reducing
insider threats.
3. Password Security and Its Impact
The breach occurred because Bradley used credential phishing against employees who fell
victim to his fake Microsoft 365 login webpage. The authentication method stood vulnerable
because employees depended solely on passwords to access the system, thus allowing such
vulnerable attacks. The incident occurred after phishing training since the organization lacked
second-factor security systems, including Multi-Factor Authentication (MFA). According to Ali
(2022), the deployment of Multi-Factor Authentication (MFA ) would have demanded an extra
verification step, which, would have blocked Bradley from accessing the system through stolen
credentials. Files remained unprotected because the company did not limit unusual login
occurrences, allowing intruders to gain unauthorized access. Strong passphrases, password
5
management tools, and scheduled password updates should be implemented at Street Smith
Company to decrease its vulnerabilities. To prevent password-based attacks, Street Smith
Company should implement both Biometric authentication systems and Single Sign-On (SSO)
security measures that deliver advanced protection.
4. Understanding Access Control
Company security relies on the essential access control process, determining which
employees and users get authorized system network and file access rights. The authorization
system protects secret information by allowing staff members to view data and perform
modifications and file sharing, thus minimizing potential breaches and internal threats. Under the
least privilege (PoLP) management system, employees should receive access privileges that
exactly match the requirements of their assigned job responsibilities (Abbas, 2024). By
implementing this approach, organizations maintain data security because unauthorized
modifications become impossible. Implementing data access restrictions will enable companies
to determine which personnel groups can view and edit their confidential information.
Companies that establish rigid admission protocols manage to minimize internal security risks
and boost their cybersecurity protection.
5. Access Control Matrix and Data Integrity
The security model known as Access Control Matrix (ACM) defines structured methods
through which users receive access to specific data and their allowed system actions, including
read, write, and delete functions, (Altulaihan et al. 2022). Data integrity needs a framework to
block unauthorized users from modifying or deleting data since this framework stands as an
essential data protection element. When Bradley tried to access restricted financial documents,
an ACM system would stop him from proceeding while keeping a record of the incident and
6
sending an automatic notification to security staff (Mohamed et al., 2022). Implementing an
Access Control Model (ACM) at Street Smith Company will enable transparent access controls
that ensure external and insider threats cannot affect business-critical information integrity.
6. Importance of Cybersecurity Policies
Organizations need cybersecurity policies as their basic security system because these
guidelines establish employee protocols and risk management strategies while defining security
standards (AlDaajeh et al., 2022). The cybersecurity policies reach beyond system software
maintenance because they focus on protecting human assets involved in security operations. All
organizations experience significant threats from their workforce because employees either show
poor judgment or have inadequate security knowledge. Employee security training must run
continuously, while phishing tests and awareness sessions must remain mandatory because they
protect against social engineering attacks. Shinde and Kulkarni (2021) emphasize that
establishing incident response plans enables timely action during security breaches. Street Smith
Company needs to implement policies for regular phishing training combined with strict data
scheduling rules and strict procedures during employee departure. Strong cybersecurity policies
created for Street Smith Company should act as a defense mechanism against upcoming insider
threats.
Conclusion
Street Smith Company demonstrates how insider threats create risks that demand well-built
cybersecurity strategies. The company can stop future attacks and lower security risks by
implementing multi-factor authentication, robust access control, and security policies. The
company must enforce strict role-based authentication, continuous security training, and
7
demanding access control processes. These security strategies will enable Street Smith Company
to protect its data while developing a threat-resistant cybersecurity infrastructure.
8
References
Abbas, A. (2024). Maximizing Security with the Policy of Least Privilege and Segregation of
Duties in Organizations. https://www.researchgate.net/profile/Asad-Abbas41/publication/384355851_Maximizing_Security_with_the_Policy_of_Least_Privilege_and_
Segregation_of_Duties_in_Organizations/links/66f563dfb753fa724d4935a4/MaximizingSecurity-with-the-Policy-of-Least-Privilege-and-Segregation-of-Duties-in-Organizations.pdf/
AlDaajeh, S., Saleous, H., Alrabaee, S., Barka, E., Breitinger, F., & Choo, K. K. R. (2022). The
role of national cybersecurity strategies on the improvement of cybersecurity
education. Computers & Security, 119, 102754. https://doi.org/10.1016/j.cose.2022.102754
Ali, A. (2022, July). Securing IoT connectivity: The role of Multi-Factor Authentication (MFA) in
strengthening Cyber defense. https://www.researchgate.net/profile/Adnan-Ali56/publication/384326952_Securing_IoT_Connectivity_The_Role_of_MultiFactor_Authentication_MFA_in_Strengthening_Cyber_Defense/links/66f45145553d245f9e35
184d/Securing-IoT-Connectivity-The-Role-of-Multi-Factor-Authentication-MFA-inStrengthening-Cyber-Defense.pdf/
Altulaihan, E., Almaiah, M. A., & Aljughaiman, A. (2022). Cybersecurity threats,
countermeasures and mitigation techniques on the IoT: Future research
directions. Electronics, 11(20), 3330. https://doi.org/10.3390/electronics11203330
Mohamed, A. K. Y. S., Auer, D., Hofer, D., & Küng, J. (2022). A systematic literature review for
authorization and access control: definitions, strategies and models. International journal of
web information systems, 18(2/3), 156-180. https://doi.org/10.1108/IJWIS-04-2022-0077/
Nassir, N. F. M., Rauf, U. F. A., Zainol, Z., & Ghani, K. A. (2024). Revealing the MultiPerspective Factors Behind Insider Threats in Cybersecurity. Journal of Media and
9
Information Warfare, 17, 65-82.
https://jmiw.uitm.edu.my/images/Journal/Vol17No2/Revealing.pdf/
Ogunbodede, O. O., Adewale, O. S., Alese, B. K., & Akinyokun, O. K. Insider Threat Detection
Techniques: Review of User Behavior Analytics
Approach.https://www.academia.edu/download/118388636/IJRES_2ND_PUBLISHED_PAP
ER.pdf/
Shinde, N., & Kulkarni, P. (2021). Cyber incident response and planning: a flexible
approach. Computer Fraud & Security, 2021(1), 14-19. https://doi.org/10.1016/S13613723(21)00009-9/
Vitla, S. Role-Based Access Control (RBAC) and its Impact on Organizational Cybersecurity
Policies. Available at SSRN 5079310. https://dx.doi.org/10.2139/ssrn.5079310
0
