The Insider Threat Level is here to keep you up-to-speed on the latest examples of insider threat incidents, trends, and best-practices, so that you’re better prepared for anything coming your way.
This week, our feature story addresses Why Companies Fail to Recognise Insider Risks. It is a response to the Computer Weekly coverage of a talk at IPExpo in London: Companies Failing to Recognise the Internal Cyber Threat.
The Scoop
Graham Cluley, an independent security researcher, broached the topic of “insider threats” recently with attendees of IPExpo in London; as covered by Computer Weekly. In the talk, Cluley suggested that the majority focus at many companies is “on external cyber threats,” and that risk of insider threats “is being overlooked.”
The remainder of the article elaborates on a few examples of insider threat incidents, including one (of which was described as a “scam”) carried out by two brothers who abused their privileged access and knowledge regarding proprietary Iowa lottery IT systems to increase the chance of winning it big.
Regarding these stories, Cluley stated that “...Companies can’t always trust their IT staff, even those tasked with keeping systems secure and security strategies should take that into account.”
Hot Take
The state of the insider threat in the cybersecurity landscape is changing, but Cluley is absolutely right: many organisations are unaware of the risks associated with their own employees or contractors access to valuable systems, files, and data.
This is not to say that all insider threats are malicious – the reality is quite the opposite. Statistically, it is more common for an accidental insider threat incident to occur than one of ill-intent. But the story that has been broadcast up until this point focuses on the “evil-doer.” (You know, the one who always wears a hoodie obscuring their face?)
So how do we raise the importance of managing the risk of insider threats within an organisation? And better yet, why should we?
[click_to_tweet tweet="Insider Threat Incidents are costly (and in more ways than one). An incident can affect: trust and confidence in your brand, integrity of systems and data, user privacy, and your organisation’s coffers." quote="Insider Threat Incidents are costly (and in more ways than one). An incident can affect: trust and confidence in your brand, integrity of systems and data, user privacy, and your organisation’s coffers." theme="style3"]
As for “how we raise importance of insider threat management?”
It all starts with leading by example, and taking a no-nonsense approach to potential insider threats. Bring together the People, establish Processes, and Implement technologies that make it easier to detect and stop incidents before they happen!
It can be done! All we have to do is start.
What Else is Happening
Data Breaches Triple in Financial Sector
Source: Infosecurity Magazine
According to research data provided by Bitglass, U.S. financial services organisations have suffered roughly three times more data breaches in the first half of 2018 than faced in the same timeframe in 2016. They reported that 3% of these incidents were insider threat related.
We ask: how many insider threat incidents go unreported or undetected in financial services?
Corporate Insiders Willing to Share Proprietary Information with Cyber Criminals
Source: CNBC
CNBC reports that “there is a booming job market for corporate insiders who are willing to share secret info,” indicating that the problem “is so common that in some jurisdictions, criminal enterprises post job ads looking for specific insiders to aid in targeted schemes.”
Insiders Cause 73% of Data Breaches in the U.K.
Source: Information Age
New research from data security firm Netwrix indicates that a fifth of UK organisations “don’t know where sensitive data is or how employees use it,” and that insiders are the cause of incidents in 73% of reported cases.
What You Might Have Missed
It’s easy to get caught up in the daily grind – we get it! Here is what happened in the last Insider Threat Level: we discussed Amazon’s data leak investigations, U.K.-based university insider threat incidents, the excuse of cybersecurity bypasses for productivity, industrial sector threats, and a criminal conviction.