Our data and systems are frequently under attack these days. A more traditional attack is from external threats like viruses or hackers trying to gain access from outside of your environment. Threats from inside your environment are on the increase though so how are you going to approach securing your environment from within?
An insider threat is a common term used by technical and non-technical people but often there are slightly different interpretations of what it means. From my perspective an insider threat is a security threat that originates from within the organisation being attacked or targeted. This could be anyone who has been given access to your environment now or any point in the past. In the past, security threats were often dealt with via traditional security methods like firewalls to keep people out of your network. An insider threat though is different in that you have given people access to your network but that access is being misused. Due to it being internal this can often be much harder to track and protect against.
It is thought that there are millions of insider attacks every year, obviously ranging in size from ones you don’t hear about to huge data breaches. It’s a very difficult statistic to nail down but insider threats that leak data can take days, weeks or even months to identify. Most companies surveyed often don’t have anything in place to let them find these data breaches at all which is why statistics are hard to qualify. The longer these threats remain undetected though the longer the data leak can potentially occur for and this can increase any regulatory punishment that may be imposed.
A survey that was carried out for us detailed that:
Perhaps the most startling statistic though, to go with this, is that one in every two employees believe it is OK to take company data.
The main three areas where a data leak or configuration change, caused by an insider threat, impacts a company are:
A company’s name can become infamous very quickly with a bad data breach and this can affect future business negatively and take years to fully recover their reputation. In addition, regulation is becoming more and more powerful, and the fines and punishments that regulators can impose are forever increasing.
Well the insider threat typically falls into one of malicious activity, negligent behaviour or an accidental breach. Malicious is obvious enough in that an individual has decided to exploit the access they have in their employees environment to release confidential information or cause internal damage for material gain or some other motive.
Negligent behaviour is varied and can include things like employees not following correct policy for storing sensitive information or opening an attachment from an unknown source that triggers a ransom-ware attack. Finally, accidental releases could include things like accidentally sending data to the wrong email address or sharing data that they did not realise was confidential.
There are a myriad of different approaches that companies can make to minimise the likelihood and impact of the insider threat but I would suggest the following as some high level activities to carry out:
We have software that can help to combat the insider threat in a variety of ways. Why not come along and learn for yourself in London on 15th June or in Birmingham on 20th June where you will be able to get ‘hands on’ with our products and understand how they can help to combat the insider threat.