When a security breach makes headlines, it’s often blamed on the catastrophic failure of technology or nefarious factors in another country. These kinds of explanations are easier to sell, and quite frankly, easier for the company whose security apparatus has been compromised to admit. But the truth is that no matter the size or the scope of the hack, in most cases, it is caused by the action or inaction of an employee within the organization.
IBM, in the 2016 Cyber Security Intelligence Index, concluded that about 60 percent of cyber attacks are instigated by insiders. The contribution of insiders to the vulnerability of an organization is growing at an astonishing rate. Out of all the cyber attacks originating within these corporations, a quarter are caused by inadvertent actions, while three quarters are the result of malicious intent.
How Exactly Do These Attacks Happen and Can You Prevent Them?
The IBM survey quoted above also found that certain industries are more prone to insider security threats than others. Some of them include financial services, manufacturing, and healthcare industries — the top three. These industries are targeted due to their massive financial assets, physical inventory and intellectual property, and personal data.
While all sectors and industries differ substantially in the value and volume of the technological infrastructure and assets that they have to manage and protect, they all have one thing in common: people. All people within an organization have the potential to be an inside threat. Here are the top three types of insider threats that may breach the security of a company:
- Wolves in sheep's clothing. Cybercriminals are expert identity hijackers. They can easily compromise an employee's system via phishing or malware attacks. They can also glean data from social network sites and use it to leverage stolen credentials.
- Leaked passwords. Some employees who are trusted but witty can leak passwords and cause an attack. These employees are malicious and intend to steal or cause damage. Some sell data or intelligence while others steal competitive information. Others just have a vendetta against the company.
- Human error. Well, as the old saying goes, to err is human. We’re only human and some of these things are bound to happen. However, mistakes can be costly, from confidential data being sent to insecure home systems to misaddressed emails sent to stolen devices.
Depending on the scale of the breach, any of the above scenarios can seem like a perfect crime. In a bid to identify rogue elements, some organizations have been left in a zero-trust working environment where everybody is a suspect. Here are some of the ways you can avoid such a scenario within your organization:
- Know and understand your people.
- Apply deep analytics.
- Focus on the right assets.
New tools are cool and we all love playing with them, but don’t forget the basics. Close open windows before an attacker can use them to access your network by applying software patches automatically. Enforce strong standards for passwords and user identities; it will go a long way towards reducing the likelihood of having your credentials stolen.