The greatest concerns to businesses come from within
With the shift to the digital economy and with greater opportunities to collect large amounts of data and faster exchange of information, rises an increased risk to personal and organizations data, misuse and abuse and threats to privacy.
To protect both themselves and their customers, companies need to secure their data. This starts with critically evaluating what data they hold, and then securing, dumping and outsourcing it as necessary.
We can never be entirely protected from data breaches, but understanding data is the first step to minimising the risk.
Many businesses are finding the source of their greatest concerns are trusted employees with whom they interact every day.
The insider threat is growing, with more than half (53%) of organizations confirming insider attacks in the past 12 months and 27% stating they have become more frequent, according to a new study. High-profile incidents and news headlines have both spread awareness of the growing problem.
Ninety percent of businesses feel vulnerable to insider attacks, according to the new study by Cybersecurity Insiders. The group polled its member community of 400,000 people to learn about trends, insights, and guidance for its 2018 Insider Threat Report.
"You can see trend lines over time," says Holger Schulze, founder and CEO of Cybersecurity Insiders. "There is increased awareness not just that insider threats are real, but if and when they occur, they can be much more harmful than malicious attacks from the outside."
Not all insider attacks are malicious in nature, says Jon Heimerl, manager of the threat intelligence communication team at NTT Security. Data from the company's latest Quarterly Threat Intelligence Report indicates 25% of insider threats are hostile; the remaining 75% are due to accidental or negligent activity.
While accidental threats are more numerous, malicious insiders could cause more damage.
"A malicious insider - a guy who gets a job and does industrial espionage or gets disgruntled - those breaches tend to be bigger because they have more access to a lot of data and know exactly where to look to find data to steal," says Heimerl. "That's the problem hackers usually have. They have to find what, and where, that cool data is."
How to know if an insider threat is imminent? Many organizations are trying to figure it out. Insider threat detection is the top focus for 64% of companies, followed by deterrence methods (58%), and analysis and post-breach forensics (49%).
"Organizations realize deterrence is important, but at the end of the day they have to assume - especially larger organizations - there are active insider threats and insider attacks occurring," Schulze notes.
Here, the experts lay out red flags and best practices to help you determine when an insider threat is happening and what you can do to protect yourself.