Despite an increased focus on cybersecurity awareness in the workplace, employees’ poor cybersecurity habits are getting worse, compounded by the speed and complexity of the digital transformation. Of the 1,600 global employees Vanson Bourne surveyed, 75% of respondents admitted to reusing passwords across accounts, including work and personal.
Organizations are at varying stages of the digital transformation, and that evolution has presented an increasingly complex IT environment to manage securely. Yet the survey findings point to a workforce that is less committed to security best practices.
Is your security approach exposing your organization to risk? The answer is “yes” if your security strategy focuses exclusively on external threats. If the breaches of the last 24 months have taught us anything, it’s that insider threats are a cause for equal if not greater concern.
The problem with traditional implementations is a security-with-blinders focus on files, infrastructure, and data in order to secure systems. They keep unauthorized users out, but do not take into account the risk posed by negligent or malicious users who have already been given access to the system. This is the real risk of insider threat.
Malicious insiders pose the biggest cybersecurity threat for companies today because they can cause the most damage and are much harder to detect than outsiders. According to the 2018 Verizon Data Breach Investigations Report, 28 percent of all data breaches involved insiders, and insiders accounted for 76 percent of all compromised records.
Detecting insider threats using conventional security monitoring techniques is difficult, if not impossible. Data science, however, provides a promising alternative. The emerging field of security analytics uses machine learning technologies to establish baseline patterns of human behavior, and then applies algorithms and statistical analysis to detect meaningful anomalies from those patterns that may indicate illicit behavior.
Often, the most terrifying of all threats to a company’s IT network is that posed by the insider. According to a Ponemon report, over the past two years the insider threat has escalated for businesses, with the average number of incidents involving employee or contractor negligence having increased by 26 percent, and by 53 percent for malicious and criminal insiders.
CyberArk research sheds light on how IT security decision makers aren’t exempt from putting their organisations at risk. A startling 85% worried that they might personally introduce a cybersecurity incident into their company.
Read how businesses across all sectors can take steps to avoid an insider threat nightmare, according to David Higgins of CyberArk, on Information Security Buzz.
Despite concerted efforts by many US organizations to improve security awareness among users, a new study shows they still have a long way to go. Some 75% of respondents today pose a moderate or severe risk to their company’s data, according to MediaPRO’s third annual State of Privacy and Security Awareness Report, and 85% of finance workers show some lack of data security and privacy knowledge.
The firm surveyed more than 1,000 employees across the United States to quantify the state of privacy and security awareness in 2018. More people fell into the risk category this year than in 2017 – and that number had nearly doubled since the inaugural survey.
Read more about the disturbing findings of the report on DarkReading.
The CERT/CC defines insider fraud as “an insider’s use of IT for the unauthorized modification, addition or deletion of an organization’s data (not programs or systems) for personal gain or the theft of information that leads to an identity crime.” The U.S. Secret Service defines identity crime as “the misuse of personal or financial identifiers in order to gain something of value and/or facilitate some other criminal activity.”
Information targeted for fraud covers a wide range of personal data, including personal identification data, personal financial data, and personal medical data. Understanding the insider threat requires understanding what motivates people to behave as they do, whether that behavior is positive or negative.
Read more about IT sabotage and insider threats, and learn about the preventative measures organizations can take, on TechTarget.
Computer professionals may think their enterprise security is good, but they think their skills are better. In fact, almost half think they could pull off a successful insider attack, according to a new report by Imperva.
Indeed, 43% of the 179 IT professionals surveyed said they could successfully attack their own organizations, while another 22% said they would have at least a 50/50 chance at success. When it came to the attack surface, only 23% said they would use their company-owned laptops to steal information, while nearly 40% said they would rely on their personal equipment.
Read more about the findings of the new Imperva report on DarkReading.
The human factor is a key concern for businesses trying to keep networks secure, according to Kaspersky Lab’s State of Industrial Cybersecurity 2018 survey. With 40% of Internet Connection Sharing (ICS) computers undergoing attacks every six months, companies must try and find ways to end dangerous employee behaviors, said the press release.
Human employees are a huge problem in all of cybersecurity, with most cyberattacks designed to take advantage of human errors rather than flaws in software. Whether it’s clicking on malicious links or accepting fraudulent emails, nearly half (49%) of organizations in all sectors face critical security consequences due to employee errors, according to the release.
Read more about the findings of the new Kaspersky Lab survey on TechRepublic.
Finn Partners Research released findings from its Cybersecurity at Work study that examined the level of cyber risk that employees pose to their organizations.
The in-depth study, which surveyed 500 full-time office employees across the US, found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. This security slip-up is significant because it can lead to the installation of malware on their devices and the harvesting of sensitive corporate data.
Read more about the findings of the study by Finn Partners Research on Help Net Security.
The pervasiveness of the insider threat is something every company worries about. And according to the conclusions reached by Dtex Systems based on threat assessments from several global organizations, 100 percent of companies have blind spots that enable the continued presence of the insider threat. No argument there.
Every company that provides its employees with decision-making authority gives those employees the power to make decisions that undermine the company. What stops wholesale anarchy are unified goals, awareness training, and, above all, trust. No company can bring the insider threat down to zero percent. But there are many that bring it close to zero.
Read more about the Dtex 2018 Threat Report, which serves to bring to the forefront those areas where companies can invest their resources to bring down the threat posed by their trusted insiders, on CSO.