The threat of attack from insiders is real and substantial.
It is often assumed that IT viruses and hackers should be an organizations biggest concern, the reality is that it is your own staff, whether maliciously or accidentally, that are the most common cause of a security breach.
Today’s world offers many diverse opportunities for the insider threat and it’s not only corporate data that’s at risk. Critical services (power, gas, water, sewage…) that our society relies on for its everyday functioning are now dependent on computers and seen as potentially vulnerable to security attacks.
The CERT Insider Threat Centre concludes from its research that insider attacks occur across all organizational sectors and highlights three examples of the most common acts.
The 3 most common Insider Threats
Modifying or stealing confidential or sensitive information for personal gain
Theft of trade secrets or customer information to be used for business advantage or to give to a foreign government or organization
Sabotage of an organization’s data, systems or network
Malicious employees are not the only insider threat
Most of the time, however, the insider component of these attacks is not malicious.
Forrester research has shown the greatest volume of security breaches (36%) come from ignorant or careless user actions that inadvertently cause security breaches.
The research from our own ‘Insider Threat Manifesto’ revealed 42% of IT Professionals thought ignorant users posed the greatest security risk to their organization.
In fact, almost daily users unwittingly share sensitive data or information that could fall into the wrong hands.
From research with 2,000 US and UK desk workers, the Insider Threat Persona Study found half (52%) of employees see no security risk to their employer in sharing work logins.
% of employees see no security risk to their employer in sharing work logins
Employees are also increasingly victims of stolen or compromised credentials acquired through phishing and/or social engineering. Several recent high profile data breaches have highlighted the lack of security measures in place to mitigate and protect against this unintentional insider threat.
How well are organizations managing the insider threat?
Today’s reality is that there are proactive steps to mitigate the risks from both malicious and careless users; but from our own research, many organizations are still guilty of not making their networks more secure and more immune to both reputation and financial damage.
Despite the regular occurrence of over 2,500 Internal Security Breaches occurring in US Business every day, and 19% of employees stating that have been involved in a security breach at work, only 1 in 5 IT Professionals consider Insider Threats to be a security priority.
What’s more the vast majority (86%) of IT professionals consider insider threats to be a purely cultural issue*, and are not aware that technology can help them address internal security issues.
These statistics, alongside others from CERT, Raytheon, and the impact from several high profile data breaches have started to show how internal security should be higher up the IT agenda.
Internal Security Breaches occurring in US Business every day
IT pro consider insider threats to be a purely cultural issue
The good news is that there is a lot that IT departments can do to mitigate the risks.
Many aspects of the insider threat can be mitigated with investment in tools that monitor and control users for their own benefit and for that of the organization they work for.
Additionally, any approach to tackling insider threats must also address the cultural issue; systems must be defended with security policies and staff must understand those. We found that 29% of respondents said they didn’t have a security policy and only 41% said it was included in an employee handbook or manual.
IT Security professionals need to re-evaluate their use of technology and policies to bolster defences against insider threats that many organizations downplay.
Insider Threat Mitigation on Windows Active Directory Domains
IS Decisions software offers organizations proven and effective solutions to help protect a Windows Network against Insider Threats.
Manage, control and secure network access for all authenticated users.
Secure and report on all access to files, folders and file shares that reside on Windows Systems.