Chief Marketing Officer at ERP Maestro
3 Reasons Why Insiders Are Your Company’s Biggest Security Threat in 2019
Ransomware and other kinds of criminal malware that attempt to breach your perimeter defenses get a lot of attention when it comes to security strategy, but what lurks on the inside should be even higher on the priority list.
Here’s why: Many organizations have already suffered an insider attack. Recent research from Crowd Research Partners finds a majority –53 percent–of organizations surveyed confirmed insider attacks against their organization in the previous 12 months.Even those organizations who have not experienced an attack know the risk is all too real. As part of the poll, Crowd Research Partners asked cybersecurity professionals to assess their organization’s vulnerability to insider threats. A whopping 90 percent their organizations feel vulnerable.
Moreover, insiders are also costing companies millions annually. According to Ponemon Institute, the average cost of insider threats per year for an organization is more than $8 million. “It’s critical for organizations to understand the main causes of insider threats, because detecting insiders in a timely manner could save millions of dollars,” notes a summary of the Ponemon findings.
Understanding insiders, their actions, motives and how they can carry out these attacks is only half the battle. These three reasons explain why insiders are your company’s biggest security threat in 2019.
1. Most Insiders Have Good Intentions, but Are Negligent
Not every insider attack is the result of someone with malicious intent. In fact, most employees have no ill will or desire to do something wrong, nor do they want to harm your organization. But according to another study from Ponemon, it is employee or contractor negligence that is responsible for the majority of insider incidents. Criminal and malicious insider activities are the next most common factor, and credential thief (imposter risk) is the third.
But this also points to the criticality of proper controls for ALL who have access to the inside of your organization. While most insiders don’t want to cause trouble, they inadvertently end up becoming responsible for an incident simply through their own mistakes.
Examples of insider events that are accidental include an employee who clicks on a phishing link and ends up impacting the entire corporate network, trusting an insider who gives sensitive information away to a social engineering criminal simply because they were tricked, an employee who sends a sensitive file to the wrong address, or an employee who accidentally performs a transaction in a business system.These are all mistakes that were not made with malice yet happen with great regularity. Without the proper controls in place, an organization is failing to protect itself.
2. Insiders Usually Act Alone, but Collusion Can Be Devastating
Most insiders who intentionally commit criminal fraudulent acts against an organization are usually acting on their own. However, according to figures from Carnegie Melon, collusion among malicious insiders can produce a larger attack surface in terms of access to organizational assets.
At the time of the research, 48 percent of the incidents tracked by Carnegie Melon’s CERT involved insiders working with known accomplices, including outsider accomplices and/or insider accomplices. Among incidents with a financial impact of $1 million or more to an organization, 60 percent were cases that involved collusion.
A report on the findings notes collusion also typically leads to a “longer con.” In other words, with multiple players involved, the ruse goes on for an increased period of time, and the damage is larger. “On average, an incident that involves collusion will have a duration that is nearly four times as long as one that is committed solely by a single insider,” notes the report.
3. Insiders Are Empowered by Poor Controls Around Access
Access control is your largest security gap when it comes to containing the actions of insiders. A report from Varonis finds that 21 percent of all folders inside organizations are open for everyone in the company to access, while at least a third of companies have 1,000 sensitive folders open to everyone.
This is the epitome of high risk. If you’re reading this and thinking about what kind of data your business may have hanging out there for any insider to access, it is high time to inspect company-wide access and implement controls for access to sensitive data accordingly.
Insiders: A Threat Not to Be Ignored
With most organizations already a victim of an insider attack, the time is now to evaluate how your company is protecting its sensitive and private information. Insider attacks can be costly, damage a business reputation, result in the loss of intellectual property, and result in fines and other monetary losses. The figures stack up to prove that it is not a question of if, but when, an insider will impact your business.
The good news is that many insider attacks can be prevented with the proper access controls in place and explanation of their purpose to employees. Ensuring that employees and contractors only have access to the essential records and systems they require is a vital step to keeping insider data breaches at bay. Only then does corporate data have a better chance at staying where it belongs: inside company walls.