From Malicious To Oblivious: Insider Threats Reach Far And Wide
With 2015 being marred by the highly-publicized information hack on Sony Pictures and a slew of attacks on U.S. businesses believed to be perpetrated by groups funded by the Chinese government, foreign threats to security infrastructures have never been more widely discussed in the media. The reason is quite simple; security risks are increasing exponentially each year and the financial losses that are incurred as a result are rising past the millions and well into the billions.
But while businesses should be designing security infrastructures with outside attacks in mind, insider threats are not only incredibly important to guard against as well, but also far more challenging to detect in the first place. Businesses’ inabilities to identify troublesome situations that develop within internal systems make the findings of a recent Symantec survey, which found that 45% of polled federal IT managers were targeted by insider threats in the past year, not all that surprising.
And while the Office of Management and Budget has identified the need for federal agencies to improve threat detection and general security infrastructures, the fact that the OMB has essentially acknowledged security vulnerabilities on a government level is a bit unnerving. Yes, constant development is needed to keep everything running smoothly, but this does not appear to be confined to standard maintenance procedures.
Only 55% of federal agencies that responded to the Symantec survey indicated that they had any significant plan in place to address insider threats. 55%. If the government was being graded by a grade school teacher, it would fail by a significant margin.Plus, there’s the small difference of national security being slightly more pressing than a vocabulary quiz.
So with the U.S. government setting the security bar at knee-level, it may seem that large corporations and small businesses alike have no hope in preventing insider threats from crippling infrastructures.
Should employees be properly trained and informed of the risks that their actions pose?
Should employees be made aware of the sensitivity of the information they work with?
But simple lectures are not enough.
The safety of customer data and sensitive information cannot simply be put in the hands of employees to trust, since even the smallest mistake, whether it be an accidental email or malware download, can be enough to let information out and malicious users in. In all situations, employee monitoring software is the key to remaining safe and secure. By recording every keystroke, accessed application, and individual action taken on desktops, servers, and thin clients, Employee Monitoring creates a bulletproof log of activities for each user, allowing for both immediate security alerts and extensive histories to be recalled.