“Insiders and their third party collaborators make up 44% of Cyber Security incidents”.
Whatever the source, the outcome of a data breach is the same, exposing an organisation’s data and impacting its bottom line through reputational damage and remediation efforts.
Whether accidental or malicious, when it comes to an insider threat, companies have to return to fundamental business processes.
Think about the following statement:
“The biggest threat to a company’s cyber security is outsiders (56%) but malicious insiders (17%) and inadvertent actors (5%) could result in the most damage.”
After speaking to many UK Executives, it is no secret that Cyber Security is “The” topic of the year. However, the amount of trust and access that is continuously given to new employees is incredible: highly classified information is shared early on with employees who may clearly take advantage.
Another statement to digest:
71% of incidents in the financial services sector were fraud cases, according to the CERT Division’s Insider Threat Center’s database for Management and Education of the Risk of Insider Threat. These cases primarily involved current (79%) and former employees (17%).
Why should anybody care?
“Of 191 cases in the financial services sector, 48% led to a loss of more than $100,000, and 18% lost more than $1 million, according to the CERT Division’s Insider Threat Center.”
Speaking with a former banking sector Senior Executive, it was clear that it is highly unlikely a financial institution would come forward and speak openly about any internal breaches.
Financial institutions, in particular, face a multitude of information security challenges. These challenges range from a lack of policy and procedure, adherence to said procedures and poor access management controls to the need to balance security with operational success while keeping employees informed about cyber-security risks.
If companies do not want to be in the press, then it really is time to do something about it.
What can we do about it?
A layered approach to protection involves written policies and procedures, people screening and training, technological controls, process controls, employee assistance programs, company culture and law enforcement – it is not an easy task by any stretch of the imagination.
Building awareness and following policies and procedures is key.
If you work in an organisation involved in selling goods or services, think about the new sales guy who has come in and is glowing about the database of sales opportunities and/or customers he or she has brought from his or her previous company. It can be as simple and easy as that.