When set to thinking about cyber threats, people’s thoughts often go immediately to the external — to bad actors outside the company. Historically, at least, the data breaches making the most noise in the news are carried out by outsiders. However, the most dangerous security threat to the modern enterprise may not in fact come from malicious outsiders at all, but from an inside source: employees.
The danger to today’s company from insiders finds expression in countless disturbing statistics, including:
- 60% of all attacks are carried out by insiders (Source)
- 65% of companies don’t enforce their password policy (Source)
- 70% of millennials bring outside apps into work in violation of IT polices (Source)
Insider threats are tougher to prevent because insiders don’t often intentionally threaten their company’s data. The great majority of insider data breaches are in fact unintentional.
Familiarity is a large part of the problem. Because insiders have access to critical data and sensitive information on a regular basis, have close knowledge of how a company protects its data.
If these individuals ever, for any reason, want to steal or leak company data, they can do so with ease compared to someone without their level of familiarity. For anyone who has free access to company data, a breach can be as simple as oversharing on social media, “losing” a laptop or mobile device or USB drive, or attaching sensitive files to email “by accident.”
Keeping your company’s information safe from both malicious and unintentional breach requires a holistic approach to security. Such an approach involves giving equal attention to internal and external threats, and establishing — and then enforcing the observance of — best practices for preventing and mitigating damage from insider threats.
Join ITWC CIO Jim Love and Rob Marti, Director of Privileged Access Management at CA Technologies on Wednesday, January 31st from 1:00 pm to 2:00 pm ET for “The Threat Inside: Your employees as a security risk.” In this webinar, Love and Marti will discuss the results of the 2018 Insider Threat Report, and will share findings and best practices to help you protect your organization. REGISTER TODAY