The introduction of information technology has made management of business easier and more flexible but it has not come without its risks. Computers and sites are in risk of breach from irrelevant sources and cannot be fully trusted. Denise (2008) argued that IT management executives are starting to face up to the realization that the biggest threat they face comes from internal security attacks and data breaches as opposed to external ones. Internal threats are a bigger threat to business than external ones because they destroy a company's image and breach its security on information.
The greatest risk to internal threats is the employees themselves. This happens normally when individuals try to access information via internal networks. Internal networks are very sensitive and hard to manage so without proper computer skills one can install malicious software in the corporate systems causing worms and viruses hackers which distribute easily hacking the entire network system.
The reason why internal threats are feared is because they bring along harm in several ways. The greatest harm is the costs associated with the internal threats in trying to restore the network again and this could lead to drop in production rates. Another harm is loss of customers due to mistrust and confidence. If the internal threat causes loss of information, access to confidential information belonging to customer's, business partners, or investors, this could be a big blow to the company's reputation and could be sued for violation of legal and regulatory requirements to protect sensitive customer information (Sumit 2002).
Business is also interrupted due to an internal breach because data and information crucial to the company's running is destroyed which also creates a financial crisis and network systems interruptions cause business to slow down. External threats still exist but according to Gartner (2003) they are normally easily addressed and controlled and do not cause as much harm as internal threats do network systems.
In order to provide solutions to this problem, information security should be part and parcel of risk management and policies to implement confidentiality, data integrity and authentication of business protocol should be made part of the company overall protection policy and should be made a reality. In conclusion, there is need for the realization that internal threats can cause a big security breach to a company's information systems than external threats.