An “insider threat” is a security threat that originates from within the organisation. The term encompasses employee error, manipulation and malicious action.
Insider attacks may be increasing in frequency, but they are still frequently overlooked as companies focus their attention on creating barricades to outside cyber attackers.
The real concern is not an unknown entity in a foreign location, it’s your employees in the breakroom. Your employees not only have access to your most sensitive data, they understand how to circumvent the internal systems and what information in particular has the most value.
Even if you assume none of your employees could be malicious actors, you still have the dilemma of those who mistakenly beocme the victim of a phishin attack, inadvertenly release sensitive data or mishandle proprietary information.
Seeking expert opinions on the matter, Digital Guardian, the threat aware data protection platform, spoke to 47 data security experts to weigh in on the real risk of insider v outsider threat.
We’ve selected 5 leading security experts to offer their insight on the real danger posed to your company by those on the inside…
Data Protection and Privacy Specialist, President and CEO of AMINA Corp
“The question of whether the biggest threat to information is from within or outside an organisation is a perpetual chicken and egg question…
In more than 30 years of advising government and private sector organisations about data privacy and protection compliance, I have seen that the source of every data risk and problem is employees, executives, suppliers or partners inside the organisation who either did something or neglected to do something, that allowed a vulnerability to occur.
Whether through curiosity, malice, or good intentions, the people inside an organisation who have access to its systems and information are inevitably the biggest risk.”
Expert Security Advisor, President of Coursen Security Group
“According to a recent report, 58% of all security incidents can be attributed to insider threats.
The most significant obstacle for a company to overcome is employee complacency.
In most corporate environments, upwards of 80% of employees are unable to articulate any real understanding of IT-security related issues and are most likely to:
- introduce a virus through a NSFW download
- accept malware through a phishing exploit
- introduce a corruption mobile device to the corporate network
- engage in some sort of inadvertent human error which may result in a threat to data security.
Outside actors take full advantage of these insiders’ vulnerabilities…Hackers are no longer breaking in through back doors which may trigger alarms. Today they are stealing the keys of authorised users and walking right through the front door.”
Managing Director of the Information Security Forum
“As data breaches increase, many will be the result of insider threats. In fact, the insider threat is unlikely to diminish in the coming years and will be a major threat to businesses.
Efforts to mitigate this threat, such as additional security controls and improved vetting of new employees, will remain at odds with efficiency measures.
More insiders with malicious intent will emerge as more people place their own ethics and perceptions above those of their employers.
The insider threat has certainly intensifies as people have become increasingly mobile and hyper connected.
Nearly every worked has multiple, interconnected devices that can compromise information immediately and at scale: impact is no longer limited by the amount of paper someone can carry.
Simultaneously, social norms are shifting, eroding loyalty between employers and employees.”
Co-Founder and Chief Digital Officer of Viable Operations/Bespoke Digital Solutions
“The most disconcerting and troublesome threat is the insider threat.
While the outside threat vectors continue to change, a multi-layers cybersecurity approach works best. It’s the inside threat that you can control a bit better.
Governance, for example, dictates who has access to such confidential information. There should be strict limits on third-party access to your systems.
While no threat can be 100% eliminated, you have a higher chance of success with protocols in place that minimise any damage that can be done from an internal source.
Of course, an inside threat also needs to be addressed by education. Sometimes an employee may unwittingly use improper procedures when accessing the company system from a remote location; these are addressable issues.
Finally BDR (Backup/Disaster/Recovery) must be in place for the inevitable.”
Founder and Principal of LIFARS LLC, International Cybersecurity and Forensics Firm
“…Insiders are the biggest threat to a company’s data.
Insiders can be a threat both intentionally and unintentionally.
Insiders will always be a bigger threat as they already have physical access and potentially more. A malicious admin is more dangerous than a group of sophisticated hackers simply because they already have the keys to the kingdom.
On top of that, users are also a major source of unintentional damage, such as unplugging the wrong server or misconfiguration of backups. Internal users can also be bribed or otherwise coached into such actions as well.
Or maybe they bring in threats as well. This is why social engineering is the biggest source of compromise, since it relies on human weakness.”
Special thanks to Nena Giandomenico and Juliana de Groot from Digital Guardian for their piece. You can read their full article here
Ponemon estimates the average cost of resolving an insider-related incident is upwards of 4.3 million.
That’s not taking into account the many consequences that follow, from regulatory, reputational and culture damage.
To effectively manage insider threat, you need a full program integrated into your current cyber security measures.
To bring you the essential information on strategy, culture, people, processes and technology, C5 has invited leading experts from Capital One, the London Stock Exchange, Addison Lee, Spearhead Advisory and many more to deliver a comprehensive 2 days of insider threat knowledge and insight.
In London, on October 31st and November 1st you can join us and meet your insider threat challenges head on