The last few years have shown that the most underrated and unaddressed cyber breach potential in any enterprise is from the ‘trusted insider.’ Despite this, many companies seem to have their security investment strategy stuck in a legacy, network-centric mindset. This passé attempt to ‘hard-shell the network’ ignores what leading cyber warriors understand to be the real threat – sensitive yet unprotected information that exists throughout the organization. This is the ‘soft and gooey centre’ of an organization is where trusted insiders live, and where they have unfettered access. By their nature, insiders hold positions that allow them to send email, save information to cloud-based depositories such as Dropbox, or even to share sensitive communications and information on BYOD devices such as a personal smartphone.
Data breach incidents have risen to an average of two per day, most often at the hands of a trusted user. This has shown us that the insider threat is the clearest and most present danger. Data loss, leak, or theft has emerged as the premier high-impact event that can hit any enterprise. Consider the NSA, arguably one of the most secure organizations on the planet. It wasn’t a hack, an inserted ‘bot’, or malware tunnelling through their defences. It was an insider performing the actions that all insiders take on a daily basis – copy information to a USB key, access file servers, send information via email, that brought the NSA to its knees. Every industry faces the same threat; energy, finance, healthcare, telecom, manufacturer, and government can all be taken down due to an insider’s access and actions.
It’s for this reason that we have been forced to pay attention to this type of threat, and to and apply analytics to see what it really means to the average company. These numbers are worthy of our attention, if not downright frightening.
According to the recently published Insider Threat Spotlight Report:
- Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations, followed by contractors and consultants.
- Less than 50 percent of respondents believed their organizations have appropriate controls to prevent insider attacks, and 62 percent of respondents said that insider attacks are far more difficult to detect and prevent than external attacks.
- 38 percent of survey respondents estimated data breach remediation costs to reach up to $500,000 per insider attack. 64 percent of respondents said they “found it difficult to estimate the damage of a successful insider attack.”
For more information, get in touch with our cyber security experts.