As a business owner or IT manager, you take great pains to protect your network infrastructure and trade secrets from external threats. You make sure your servers and desktops are patched on a regular basis, and you counsel your employees on the dangers of phishing scams and targeted ransomware attacks. But are you doing everything you can to protect yourself from an insider threat?
For many business owners and IT professionals, the answer to that question is a resounding no. Even as businesses struggle to update their software and protect against the dangers of hackers, the real threat often goes unnoticed.
Insider threats and the risk of cybercrime
When it comes to protecting themselves and their businesses from the dangers posed by a hypothetical insider threat, businesses must necessarily reflect on where the real dangers are coming from. And while no one discounts the risk of hacking and ransomware attacks, an insider threat could be even more devastating.
Unlike those far away hackers, insiders are right there. They are part of your organization, they know the structure of your information technology operations and they understand how your files are stored and how they are backed up.
If an insider wished to pose a threat, he or she could almost certainly do it. As a matter of fact, nearly half of those who could one day pose an insider threat recognize the power they hold over the organizations that employ them.
A troubling reality
A recent report by Imperva should give information security professionals, business owners and third party vendors plenty to think about. That survey found that nearly half of security professionals said they could implement an insider attack if they wished to, taking that insider threat from the realm of the hypothetical into the world of reality. These opinions expressed are just that – opinions, but the individuals surveyed are speaking from positions of experience. As security professionals and information technology experts, these insiders hold the keys to the kingdom, and it would only take one disgruntled IT staff member to bring the network down. And more worryingly, almost half of organizations would take weeks, months or never find out about these malicious insiders.
Terry Ray, CTO of Imperva, said it best,”Business’s continued reliance on data means more people within an organization have access to it. The result is a corresponding increase in data breaches by insiders either through intentional (stealing) or unintentional (negligent) behavior of employees and partners. While the most sensational headlines typically involve infiltrating an ironclad security system or an enormous and well-funded team of insurgents, the truth of how hackers are able to penetrate your system may be less obvious: it’s your employees.
“Insider threats are one of the top cybersecurity threats and a force to be reckoned with. Every company will face insider-related breaches sooner or later regardless of whether it is caused by a malicious action or an honest mistake. And it’s much better to put the necessary security measures in place now than to spend millions of dollars later. Every company can take some basic steps in their security posture to minimize insider threats, including background checks, monitoring employee behavior, using the principle of least privilege, controlling and monitoring user access, and educating employees.”
Assessing and handling the insider threat
From experts in the information technology business to the leading third party vendors, the pros recognize the insider threat for what it is. While no one would argue that protection from hackers and other external threats is a waste of time, it is clear that businesses need to spend more of their time and resources assessing the threat coming from inside their own walls.
If you doubt the seriousness and the reality of this insider threat, just think about how much sensitive information the typical employee encounters on a typical day at the office. From Social Security numbers and medical ID numbers to credit card and bank account information, the people on your staff are privy to some of the most sensitive information imaginable.