Where are the biggest gaps in endpoint security models today? This Ponemon study identified three main areas: unprotected mobile devices, the insider threat, and third-party cloud applications. Given these gaps, most IT security pros say that employees are the biggest threat to companies. Forrester estimates that insiders accounted for 39% of data breaches in 2015. These internal incidents also accounted for more breaches than external attacks alone.
In 2014, the US Department of Homeland Security defined an Insider Threat as:
“...a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems.”
Since then, our understanding of the Insider Threat has evolved. We know now that malicious employees are not the ones who should make you worry. In my article on Infosec Island, I explore the Insider Threat in the context of past breaches at AT&T Services and Snapchat and the resulting fallout. These events show that well-meaning employees can cause as much damage as malicious ones. And cyberattacks originating from negligent employees are rapidly increasing.
Here at Absolute we like to talk about the Three Faces of the Insider Threat. Traditional data security tools such as encryption simply can't address the Insider Threat directly. Insiders are already authorized to bypass these types of security barriers. They have verified network credentials. In order to address the Insider Threat, we need to ensure our security policies and technologies can see more than just malicious behaviour.
Read the full article, "Insider Threat: Why Negligence Is More Dangerous Than Malevolence", at Infosec Island.
Monitor and protect against malicious and negligent insiders, regardless of user, location or whether they’re on or off network with Absolute DDS. With intelligence-driven data and automated alerts for unusual device or user behaviour or for the presence of sensitive data on the endpoint, you can take pre-emptive action to enforce security policies or to remediate security incidents before they become data breaches.