Check the business news these days and chances are you’ll hear about some new cybercrime threat, like phishing attacks that zero in on CEOs or specialized ransomware targeting personal data-rich organizations like hospitals. No wonder so many entities are investing in security technology to keep intruders out.
But what happens if the threat is coming from within?
Insider threats to data security are on the rise, and IBM recently reported that more than half (55%) of cyberattackers are insiders. But that’s not to say your organization is crawling with cybercriminals. In fact, a number of these insiders – 23.5% – have no ill intent at all and are putting data at risk accidentally or unknowingly.
That said, insider attacks can wreak havoc on an organization regardless of whether their intent is malicious or benign. To keep this from happening to your business, the first step is knowing what you’re dealing with. So, let’s start with three troubling facts about the insider threat to your data, as well as information on what you can do to protect yourself.
1.) Insider attacks can be costly
According to a 2016 Ponemon Institute survey, insider incidents cost companies an average of $4.3 million a year. The survey also found that the average cost per incident for a certain type of malicious breach was more than double that of a breach caused by simple carelessness or negligence.
The costs associated with insider attacks are numerous, ranging from investigation of and remediation for a specific incident to the broader loss of business that can follow a data breach. The exact numbers and consequences depend on the nature and extent of the breach.
For example, the cost to pay customer claims associated with leaked credit card numbers may be steep, but it is also finite. However, the cost of lower sales that often follow such a breach isn’t as easily calculable.
What you can do: Take an informed approach to investing in cybersecurity protections against insider threats. Calculate the potential costs of a breach and consider your options from there. As the old saying goes, an ounce of prevention is worth a pound of cure.
2.) Insider threats are hard to spot
One of the most troubling aspects of insider attacks is that they can be much more difficult to detect than external ones, as the employees or contractors causing them have legitimate access to the systems being compromised. As a result, insider threats may go unnoticed for a long time.
It’s not only malicious attackers who pose this problem. Sure, these individuals can elude detection by tampering with monitoring systems or finding other ways to bypass security measures and cover their tracks, but sooner or later, they’re likely to slip up. Not so with the benign users who may not even know there’s a problem, much less that they’re responsible. As a result, it may take even longer to realize something is going on in such cases.
What you can do: Educating employees and contractors about security policies and practices is one of the most important steps you can take to guard against insider risk. Although this approach won’t protect against malicious activity, it will reduce the likelihood of someone accidentally putting data at risk.
3.) Privileged users present the biggest problem
You might think privileged users (trusted employees with high-level access to your organization’s data assets) are the last people you need to worry about. However, the more access to data an employee has, the greater the risk there is. When acting maliciously, privileged users pose a threat because they can more easily access systems and networks, make changes and get around controls meant to reduce risk. Even if they don’t intend to harm the company, the fact that privileged users have a lot more to expose than most of your employees makes them especially vulnerable to malware or other external attacks.
What you can do: Adopt and enforce best practices for privileged users (e.g. always logging out of sensitive systems), and talk to your IT provider about privileged account management technologies to help keep these individuals from intentionally or accidentally compromising data.
Contact MyITpros to find out more about your organization’s vulnerability to insider threats and learn how to create a strategy to protect yourself.