April 11, 2016
Insiders are commonly held to be the weakest link in data security. It’s now recognized that people are the root cause of most data breaches (responsible for up to 90% of all breaches), either inadvertently or maliciously putting data at risk. Shifts such as mobility, the cloud, and even workforce composition have created an ever-expanding attack surface that continues to threaten corporate data and present more ways that these Insiders can put data at risk.
In our whitepaper, The Three Faces of Insider Threat, we take a new look at the Insider Threat, defining the kinds of behaviors responsible data being put at risk. We look at Malicious Insiders (who purposefully release data), Negligent Insiders (who mistakenly release data, the most common group) and a third group, Unsuspecting / Acting Insiders (whose credentials are taken over by an outsider). The paper outlines how to prevent and detect the threats presented by each of these insiders.
Many organizations have a mistaken belief that “it can’t happen to them,” or that they “trust” their employees. This is a dangerous belief to hold, as it leads to complacency when it comes to preventing the insider threat, particularly from Malicious Insiders. A new report from Market Pulse revealed that one in five employees would sell passwords to an outsider, while an additional 26% admitted to uploading sensitive information to cloud apps with the explicit aim of sharing it outside the company. The company also revealed the growing threat of Shadow IT, with one in three employees purchasing a SaaS/Cloud application without IT’s knowledge; this also shows the rise in Negligent Insiders who are putting data at risk unknowingly or carelessly.
In our whitepaper, we talk about the motivations of Malicious Insiders, who have the potential to do a lot of damage very quickly, and the importance of technologies that limit access to data and detect non-compliant behaviour quickly. Learn more about the Insider Threat on our website or how Absolute DDS can help your organization plug the security holes created by mobility and the role of insiders. Our unique Persistence technology offers an important layer to any data security strategy and helps mitigate the risk of human error, rogue employees, and cybercrime. Learn more at Absolute.com.
Share this article