Often when we talk about cyber and IT security, we are discussing external threats such as cyber criminals, malware, spyware or DDoS attacks. It’s important to be reminded on occasion that there are many internal threats that could be coming from right within our organizations.
Think of the scandalous Ashley Madison hack last year—this breach became one of the most talked about hacks from 2015 after they discovered a woman who actually worked for the company had stolen the data. Many IT security reports have noted that these insider threats to businesses are actually on the rise. The 2015 Vormetric Insider Threat Report stated that insider attacks on corporate data have been relentless over the past year, with difficult and long-lasting impacts.
How can we identify our insider threats?
These insider threats can come from a wide range of offenders who, either maliciously or accidentally, take actions that put their organization at risk. It is becoming more difficult to “profile” an insider threat, as the offenders have moved beyond just confused employees or malicious IT staff. The threat landscape can now include outsiders who have stolen user credentials, business partners or contractors with inappropriate user credentials, third-party services with administrator rights and more.
Consider the fact that external threats must still find a way to break in, but those on the inside already have access to the company’s valuable data and know where it is stored. For this reason, insider threats can often be more damaging than external ones, and they are often more difficult to defend against. The one factor that internal and external threats often have in common is the motive: both are often looking to make a profit by stealing and sharing a company’s data.
Common causes behind insider attacks
Insider attacks with malicious motives are unfortunately common. In January 2015, Procter & Gamble Company filed suit against four former Gillette Company employees, accusing them of wrongfully using and disclosing confidential information and trade secrets to a direct competitor. In July, an employee of Merit Health Northwest Mississippi was accused of removing patient information from the facility over a two-year period without authorization. The employee stole all of this information with the intent of identity theft.
Another common cause of insider attacks is accidental exposure, when an employee unintentionally and unwittingly creates a vulnerable situation or allows data to be accessed. Lost laptops, misdirected emails, or a paper report left on the printer can all be causes of an insider attack and stolen data.
Catching a criminal
Technology and accountability measures should be put in place in order to track user behaviors. According to the 2015 Vormetric Insider Threat Report, the insiders who pose the largest risk to an organization globally include:
- Privileged Users (55%)
- Contractors and Service Providers (46%)
- Business Partners (43%)
- Ordinary Employees (35%)
- Executive Management (28%)
- Other IT Staff (25%)
Preventing insider attacks begins with a simple understanding that data breaches can happen internally. The good news is that results from the 2015 Vormetric Insider Threat Report show that insider threat awareness levels have increased. Only 11% of respondents felt that their organization was not vulnerable to insider attacks, and a very large percentage (93%) were looking to increase or maintain existing spending on IT security and data protection in the coming year.