Addressing Insider Risks Beyond Malicious Intent

By: Arieanna Schweber | 1/13/2016

In 2015, we saw more data breaches and larger data breaches than ever before. Shifts such as mobility, the cloud and even workforce composition have created an ever-expanding attack surface that continues to threaten corporate data. It’s now recognized that people are the root cause of most data breaches, as many as 90% of all breaches, either inadvertently or maliciously putting data at risk. The expansion of the attack surface through mobility, the cloud and even IoT has just increased the number of ways that “people” can put data at risk.

Recently, Nuix interviewed 28 corporate security officials on the current IT security landscape. In their report, Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices, we get a snapshot of the perceived threats within organizations and how those threats are being addressed. Although the study size is small, it was nearly universally believed (93%) that human behaviour was the biggest threat to security, up from 88% the previous year.

Recognizing the threat that people pose to data security, many organizations are implementing programs to minimize these threats. This survey found that 71% of respondents had an insider threat program, 36% engaged in tabletop exercises with employees, and 82% had a BYOD policy, estimates which seem higher than average (again, small sample size). We believe that the focus on “insider threats” implies that employees primarily put data at risk maliciously, which is not the case. Most data security incidents are due to mistakes; for example, 70% of cyberattacks are not sophisticated, relying instead on a combination of phishing and hacking.

We believe organizations need to address the risks of “people” beyond “insider threats” and focus also on mistakes that can (and will) happen. Limiting data access, locking network access after repeated failed log-ins, and automated alerts of suspicious activities are all key areas to minimizing the threats that people pose to data. For example, with the growing attack surface, protecting the endpoint is more important than ever before. A persistent endpoint security solution such as Absolute DDS provides automated alerts, based on security policies such as irregularities to hardware, software or user behaviour, and response tools to remotely freeze or disable devices, delete or copy data, and prove compliance in an audit report.

Read more about our thoughts on employees and data security in Defending Corporate Data in Spite of Employees as well as our whitepaper, ‘The Enemy Within - Insiders are still the weakest link in your data security chain.’

Financial Services