When security breaches make headlines, the stories are interesting to read, and it is easier for the hacked company to blame them on a failure of technology or on sponsored espionage. But in reality, no matter the size or the scope, a breach cannot happen without an action, or a failure, of someone inside the company. THE INSIDER!
IBM’s 2016 Cyber Security Intelligence Index says that 60% of all attacks were carried out by insiders in the last year. Three fourths of these insider attacks were carried out with malicious intent, while the remaining one fourth were inadvertent. However, traditional network defences that fail to prevent damage from insiders continue to get most (if not all) of organizations’ security funding. Unfortunately, the ever-growing risk that insider threats pose to companies’ proprietary information remains unrecognized and without due attention. According to IBM’s security research, the Health Care, Financial Services and Manufacturing industries are the top three industries under attack, due to their massive wealth of personally identifiable information (PII), personal health information (PHI), personal financial information (PFI) and intellectual property (IP), amongst other reasons.
The very fact that the access and activities come from trusted sources within the organization is what makes insider threats dangerous, as such access and activities would be imperceptible to many of the preventive and detective mechanisms deployed. Forensic investigations can be made even more complicated if the malicious insider can erase evidence of their activities.
The priority of many organizations remains protecting physical and logical perimeters and patching systems, applications and operating systems. But in reality, what is most vulnerable to insiders is the actual data. A 2016 survey by Vormetric Data Security indicates that 58% of organizations think that privileged users (such as admins and DBAs) present the largest risk to the organization’s sensitive data. Notably, 45% of organizations see their executive management as a potential threat vector. Typically, executives have access to almost anything they want within their organization.
The best way to minimize insider threat in an organization is to create a culture of security through technology as well as training. The two must work together to educate employees on what information security is, why it is important, how information is secured, what tools are in place, why they are there, how they work, and how employees must handle data.
Nowadays, artificial intelligence and analytics help make spotting potential insider threats easier and less intrusive. However, we as security professionals need to be aware of what to look for, where to look, and how to focus our security efforts to the benefit of the organization’s secure information handling strategies.
Next time you read a degenerated headline about some external hacker doing some mischief to some company, remember that external hackers account for less than half of the breaches out there. Also remember that the hack might have happened due to an unsuspecting insider losing his identity to the hacker. Let’s take action to make sure TCS and its clients aren’t the ones in these headlines anytime.
Authored By - Sukiraman Manivannan
TCS Cyber Security