Would there be any person or group within an organization that does not need to be concerned with information security?
The only person who need not worry about information security is the one who has no value bearing data. Unfortunately, in this day and age, every single person who is connected to modern world has some data that is valuable either to the individual or someone else. Protecting that valuable informational data from a compromise is paramount depending on its value.
According to Verizon, “No locale, industry or organization is bulletproof when it comes to the compromise of data.” (Verizon, 2016) I would add “no connected person” to that list.
Though external threats cause most of the data breach, a little less than 20% occurs due to internal threats (someone you know) and most of them are financially motivated (a little more than 75%). Most of the attacks are targeted at non-technical users – the ones that use the computer to send an email or the ones that use the ATM to get some cash for their day to day purpose. They may not have value bearing data that an adversary is looking for, but they may have something that is informational.
A person need not explicitly use technology to give up information. Mere interaction with technology or even social interaction with the adversary could cause a data breach. The value of data depends on how much the adversary can understand it.
- Verizon. (2016). 2016 Data Breach Investigations Report. Retrieved from verizonenterprise.com: http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf