Get Aligned!

The last few years have shown that the most underrated and unaddressed cyber breach potential in any enterprise is from the ‘trusted insider.’ Despite this, many companies seem to have their security investment strategy stuck in a legacy, network-centric mindset. This passé attempt to ‘hard-shell the network’ ignores what leading cyber warriors understand to be the real threat – sensitive yet unprotected information that exists throughout the organization. This is the ‘soft and gooey center’ of an organization is where trusted insiders live, and where they have unfettered access. By their nature, insiders hold positions that allow them to send email, save information to cloud-based depositories such as Dropbox, or even to share sensitive communications and information on BYOD devices such as a personal smartphone.

Data breach incidents have risen to an average of two per day, most often at the hands of a trusted user. This has shown us that the insider threat is the clearest and most present danger. Data loss, leak, or theft has emerged as the premier high-impact event that can hit any enterprise. Consider the NSA, arguably one of the most secure organizations on the planet. It wasn’t a hack, an inserted ‘bot’, or malware tunneling through their defenses. It was an insider performing the actions that all insiders take on a daily basis – copy information to a USB key, access file servers, send information via email, that brought the NSA to its knees. Every industry faces the same threat; energy, finance, healthcare, telecom, manufacturer, and government can all be taken down due to an insider’s access and actions.

It’s for this reason that we have been forced to pay attention to this type of threat, and to and apply analytics to see what it really means to the average company. These numbers are worthy of our attention, if not downright frightening.

According to the recently published Insider Threat Spotlight Report:

  • Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations, followed by contractors and consultants.
  • Less than 50 percent of respondents believed their organizations have appropriate controls to prevent insider attacks, and 62 percent of respondents said that insider attacks are far more difficult to detect and prevent than external attacks.
  • 38 percent of survey respondents estimated data breach remediation costs to reach up to $500,000 per insider attack. 64 percent of respondents said they “found it difficult to estimate the damage of a successful insider attack.”

Learn how to protect your organisation from insider threats by visiting https://oryxalign.com/our-services/enterprise-data-security/

Back to List

Related Stories

Security on the move

Security on the move

The ability to stay secure and productive anywhere, on any device is of great and growing importance to all businesses.

We look at the fi…

Read Post

Business Benefits of Microsoft Azure

Business Benefits of Microsoft Azure

Connecting Clouds: The growing pains of cloud adoption continue as organisations realise that a single solution of either Private Cloud, Dat…

Read Post

Understand & improve your security posture

Understand & improve your security posture

Gain deeper visibility into and take control of your security.

Assessing your security posture is an ongoing challenge. Increasingly soph…

Read Post

Artificial Intelligence

Artificial Intelligence

Artificial Intelligence (AI) and Machine Learning (ML) are fast becoming important pillars of many organisations’ digital transformation s…

Read Post

IT Risk Management

IT Risk Management

With today’s pressures of compliance, cybercrime and customer demands organisations can no longer afford to have ad-hoc IT Policies and IT…

Read Post

Team Talk

Team Talk

Whether you use Office 365 or not; Microsoft Teams is free. That’s right, free. As in £0. Microsoft Teams is a hub for teamwork. Keep all…

Read Post

Office 365 Powers Ahead

Office 365 Powers Ahead

Microsoft release a quarterly report each month and within the latest quarter (April, Q3 2019) of the Earnings Call section it’s more good…

Read Post

Protecting Your .UK Presence

Protecting Your .UK Presence

The clock is ticking on who can register a .UK domain in your name.

Nominet, the governing body of UK domain names, released shorter .UK …

Read Post

Checklist to Digital Transformation

Checklist to Digital Transformation

Digital Transformation is the novel use of digital technology to solve traditional problems.

It’s about finding new ways to deliver valu…

Read Post

AWS, Azure & Google: A Public Cloud Comparison Report

AWS, Azure & Google: A Public Cloud Comparison Rep…

The three leading cloud computing vendors, AWS, Microsoft Azure and Google Cloud, each have their own strengths and weaknesses that make the…

Read Post