How attractive does your business look to malicious insiders? Often a business doesn’t expect their trusted employees to steal from the company. Instead, businesses turn their attention to outside forces that try to penetrate the business security. With phishing emails, malware attacks and ransom episodes, it’s easy to ignore the rising insider threat. But they shouldn’t.
Often threats to cyber security are associated with malicious outsiders, but employees are increasingly becoming the source for data breaches and information leaks.
Among 874 occurrences in the Ponemon Institute 2016 Cost of Data Breach Study, 568 were caused by employee or contractor negligence; 85 by outsiders using stolen credentials; and 191 by malicious employees and criminals.
The healthcare, education and finance industries are spending the most to remediate these data breaches. IBM further states that 55% of cyber attacks were carried out by insiders.
Whether the employee goes rogue or due to simple negligence, the effects of this activity has lasting financial consequences for the business.
In a 2017 Insider Threat Report, 53% of businesses estimated $100,000 costs due to insider reasons, and 12% estimated costs more than $1 million. The report also indicates that 74% of businesses feel vulnerable to insider threats.
The insider threat is real, and these insiders are within the corporate walls, equipped with an all-access pass to business data. The insider threat is increasing due to many reasons. For one, the interconnectivity of devices allows data to be accessed quicker and easier. It can also be exacerbated by the increasing concentration of computer power and the global Internet infrastructure.
Insider threats make a business vulnerable. But how can a business protect themselves from the internal threat?
The solution comes in many forms; including education, control and data.
Employees are often unaware of potential security threats. Many attacks start from a phishing campaign, where an uneducated employee clicks a malicious link embedded in an email. This happened to the US Securities and Commission office when employees were subjected to a series of spear phishing attacks, targeted campaigns to executives and managers, gaining access to confidential information. These are accidents, but they’re costly accidents.
Education is the first building block to successfully deter insider threats.
Through education, employees can be trained to understand the reasons why it’s important to actively think about data security, and how to detect when malicious attacks sit on their front doorstep. Employees are often unaware of common cyber security practices that they should follow, and even if they do know about them, they don’t realize how much non-compliance can affect the bottom line. Businesses that are successful at deterring insider threats, are those that have built a employee training program with full engagement from employees and upper management.
Control is the second building block to a successful insider threat detection.
You can’t control what you don’t know. Generally, businesses give important access to employee personal that don’t need it, or worse, they continue access to important information after the employee has been terminated. Control is the key here. Businesses need to know who has control to what and manage it effectively. The less people with access to important data information, makes it easier to identify and manage insider threats. Privileged IT users with access to administrative accounts top the list of most concerned potential of insider threats.
Through a recent study, customer data is the most vulnerable asset to threatening employees, followed by employee, sales and healthcare data. A control system will eliminate multiple data entry points, and control this privileged information to only a few employees.
This main solution is data.
Every user displays a diversity of behavior and traits, which translates to loads of data that can often be incomprehensible. Usually, businesses aren’t able to track employee data consistently, resulting in patchy data sets.
The first step in eliminating the insider threat is building a comprehensive system that collects data consistently to identify a baseline of normal activity. Through this data, businesses can identify correlations and detect anomalies confidently when employees make mistakes or go rouge. This is only achievable with this form of analysis and data collection. By applying such behavioral analytics, businesses can identify malicious insider actions and identify risks. Simply put, businesses need a functioning employee monitoring system to analyze the data and deter insider threats.
Businesses grow more vulnerable to insider threats. The first step is to recognize these threats and incorporate ways to eliminate it in your security strategy. Businesses can utilize employee training, control measures and proper use of employee data to create a clear picture of the insider threat, and conquer it appropriately.