Internal Data Breach – The New Cyber Security Threat?

Consider this:
“Insiders and their third party collaborators make up 44% of Cyber Security incidents”.
Whatever the source, the outcome of a data breach is the same, exposing an organisation’s data and impacting its bottom line through reputational damage and remediation efforts.
Whether accidental or malicious, when it comes to an insider threat companies have to return to fundamental business processes.
 Think about the following statement:
“The biggest threat to a company’s cyber security is outsiders (56%) but malicious insiders (17%) and inadvertent actors (5%) could result in the most damage.”
 After speaking to many UK Executives, it is not a secret that Cyber Security is “The” topic of the year. However, it is incredible the amount of trust and access that is continuously given to new employees, highly classified information is shared early on with employees who may clearly take advantage.
Another statement to digest:
 71% of incidents in the financial services sector were fraud cases, according to the CERT Division’s Insider Threat Center’s database for Management and Education of the Risk of Insider Threat. These cases primarily involved current (79%) and former employees (17%).
Why should anybody care?
“Of 191 cases in the financial services sector, 48% led to a loss of more than $100,000, and 18% lost more than $1 million, according to the CERT Division’s Insider Threat Center.”
Speaking with a former banking sector Senior Executive it was clear that it is highly unlikely a financial institution would come forward and speak openly about any internal breaches.
Financial institutions, in particular, face a multitude of information security challenges. These challenges range from a lack of policy and procedure, adherence to said procedures, poor access management controls to a need to balance security with operational success, keeping employees informed about cyber-security risks.
If companies do not want to be in the press then it really is time to do something about.
What can we do about it?
A layered approach to protection involves written policies and procedures, people screening and training, technological controls, process controls, employee assistance programs, company culture and law enforcement – it is not an easy task by any stretch of the imagination.
Building awareness and following policies and procedures is key.
If you work in an organisation involved in selling goods or services, think about the new sales guy that has come in and is glowing about the database of sales opportunities and or customers he or she has brought from his previous company. It can be as simple and easy as that.
Think about it…….
 Sources:
12 Important Facts About Insider Security Threats
authors By Gina Roos – See more at:
http://www.channelinsider.com/security/slideshows/12-important-facts-about-insider-security-threats.html#sthash.cmGWPI0R.dpuf
Contact Me: contact@allstarspace.com
If you liked this, see my other posts:
Apple vs FBI
Brexit – In or Out?
Shared Office Space – Freedom or Free Me?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s