02 Mar Insider Threats and the Hidden Risk Inside Your Organization
The number and size of insider breaches continue to rise year on year. Databases, file servers, and the cloud hold vast amounts of sensitive corporate assets. With 89 percent of organizations feeling somewhat vulnerable to insider attacks, changes are needed to keep corporate assets safe.
Insider threats, including sabotage, theft, espionage, fraud, and competitive advantage, are often carried out through abuse of access rights, theft of materials, and mishandling of physical devices. Insider threats are caused by a wide range of offenders who either maliciously or accidentally do things that put an organization and its data at risk.
Insiders pose tremendous risk to organizations. According to the Ponemon Institute, insider attacks cost companies about $144,000 per incident. Containing and resolving the complexities associated with insiders costs companies an average of $21,000 per day.
The effect of insider threats and the legacy of targeted breaches at Home Depot, JP Morgan, Target, Sony, and many others have caused organizations to understand the damage that a rogue user with admin rights can do. They know that if this type of user is not properly monitored and controlled, the damage to the business can be far-reaching.
Here are some things organizations can do to prevent damage caused by an insider.
- Create productive and healthy work environments to help reduce the unintentional insider threat.
- Educate and regularly train employees on security or other protocols.
- Ensure that corporate and customer information is adequately protected.
- Provide effective security practices (e.g. two-factor authentication for access).
- Require identification for all assets (e.g. access cards, passwords, inventory check out).
- Use appropriate screening processes to select new employees.
- Provide non-threatening, convenient ways for employees to report suspicions.
- Routinely monitor computer networks for suspicious activity.
- Ensure security personnel (including computer network security) have the tools they need.
- Maintain staff values and attitudes that align with organizational mission and ethics.
Remind employees that reporting security concerns is vital to protecting your company’s assets, its reputation, its financial well-being, and its future. They are, in effect, protecting their own jobs. If they see something, they need to say something.