The People You Thought You Could Trust
When you think of insider cybersecurity attacks, you might immediately envision an angry former employee or one who is disgruntled and getting ready to leave. While these situations do occur, there is another category that deserves just as much of your focus: “accidental/unintentional threats.” Both forms of cyber threat need to be taken seriously, and both also involve a psychological aspect.
Managers devote a lot of time to the hiring process, and trust is a critical part of the relationship. Employees often have access to proprietary information and, yes, even secrets, and you rely on them for discretion and privacy. IBM released a 2015 Cyber Security Intelligence Index report indicating that human error is almost always involved in breaches. 95% of the breaches analysed involved a mistake, with 31.5% involving malicious insiders, and 23.5% involving inadvertent insider error. These numbers changed rather drastically in a 2018 report by Crowd Research Partners, which lists 47% of cyberattacks as coming from malicious/intentional insiders and 51% from accidental/unintentional insiders.
If this topic were as simple as trusting or not trusting, HR departments would have a fairly easy job. However, it is a lot more complex and involves considerations that are both shocking and quite possibly distasteful.
Who poses the biggest threat and what are they stealing?
The same Crowd Research Partners report found that the insiders who pose the biggest cybersecurity threats are regular employees (56%), privileged IT users (55%), and contractors (42%).
In the past, general data seemed to be the most valuable asset for cybercriminals, but this has now expanded to include confidential business info (57%), privileged account information (52%), and sensitive personal information (49%). Other high-priority information includes intellectual property (32%), employee data (31%), and operational data (27%). All of this can be sold on the dark net or even to competitors at quite a profit.
Accidental/Unintentional cyber threats
Companies that have loose or nonexistent policies regarding the technologies connected to the internet are ripe for attack. Staffers typically don’t intend to cause harm when they are surfing the net or when they bring that CD into work. This naivety can carry a cost so high that it can take a business under. 67% of so-called unintentional cybercrime is associated with phishing attempts. 56% involves reused or weak passwords, 44% unlocked devices, another 44% poor practices in sharing passwords, and 32% unsecured WiFi networks.
Get Your Security House in Order
Many organisations are waking up to the fact that many breaches stem from user behaviour or accidents. While 90% of organisations have felt vulnerable to attacks involving insiders, they have continued to tolerate enabling factors such as too many users with excessive access privileges and a lack of action regarding the complexity that new technologies add.
Those companies that have taken the insider threat seriously are moving forward with the deployment of DLP (data loss prevention) and identity and access management, and are building specifically designed insider threat programs to deter both intentional and accidental cyberattacks and breaches. Cybercriminals will continue to change their approaches, and your company and employees need to be educated and prepared.
“Da Vinci CyberSecurity specialises in the sensitive topic of employee training and IT awareness for the implementation of the critical programs that your organisation needs. We work together to formulate a plan that incorporates the technologies that you require and up-to-date information on the latest methodologies that cybercriminals take to try to access your data. In today’s information-filled world, you need every tool in your toolbox to protect your proprietary data from both inside and outside attacks.”
Da Vinci CyberSecurity
Source:
Techtarget.com
Virtru.com
ca.com