12 Important Facts About Insider Security Threats

 
 
By Gina Roos  |  Posted 2016-01-15 Email
 
 
 
 
 
 
 
 
 
  • Previous
    1 - 12 Important Facts About Insider Security Threats
    Next

    12 Important Facts About Insider Security Threats

    Insiders and third-party collaborators account for more than four out of 10 cyber-security incidents, a new report from Aite Group shows.
  • Previous
    2 - Four Types of Insider Threats
    Next

    Four Types of Insider Threats

    Insider threats evolve around intellectual property theft, IT sabotage, fraud and accidents as the result of human error.
  • Previous
    3 - Who's at Fault?
    Next

    Who's at Fault?

    Insiders and their third-party collaborators make up 44% of cyber-security incidents.
  • Previous
    4 - Who are the Bad Guys?
    Next

    Who are the Bad Guys?

    The biggest threat to a company's cyber-security is outsiders (56%), but malicious insiders (17%) and inadvertent actors (5%) could result in the most damage, according to IBM research.
  • Previous
    5 - Watch Out for Fraud
    Next

    Watch Out for Fraud

    71% of incidents in the financial services sector were fraud cases, according to the CERT Division's Insider Threat Center's database for Management and Education of the Risk of Insider Threat. These cases primarily involved current (79%) and former employees (17%).
  • Previous
    6 - Big Losses
    Next

    Big Losses

    Of 191 cases in the financial services sector, 48% led to a loss of more than $100,000, and 18% lost more than $1 million, according to the CERT Division's Insider Threat Center's database for Management and Education of the Risk of Insider Threat.
  • Previous
    7 - Detection Is Key
    Next

    Detection Is Key

    49% of 191 incidents studied were detected by nontechnical means (such as a co-worker or client complaint), followed by an audit (41%) system failure (4%), information system (4%) and software (3%).
  • Previous
    8 - Weak Links
    Next

    Weak Links

    The biggest source of losses is from servers (31%), printed records (17%), email (14%), laptops (12%), Websites (9%), portable data storage devices (7%), desktops (4%), and telephones (3%) in an analysis of 551 cases by Advisen.
  • Previous
    9 - Prioritize Budgets
    Next

    Prioritize Budgets

    Insurance event data offers cyber-security insights to help prioritize initiatives and budgets. In an analysis of 707 cases, 70% were for loss or theft from a digital data breach, according to research from Advisen.
  • Previous
    10 - Balancing Act
    Next

    Balancing Act

    Insight into a company's business to understand asset and confidential-information priorities and to identify and prioritize known threats must balance security with the business' performance.
  • Previous
    11 - Insider Threat Protection
    Next

    Insider Threat Protection

    A layered approach to protection involves written policies and procedures, people screening and training, technological controls, process controls, employee assistance programs, company culture and law enforcement.
  • Previous
    12 - Security Slackers
    Next

    Security Slackers

    Insider protection lapses occur because of a lack of policy and procedure adherence. Upshot: Companies need to follow policies and procedures.
  • Previous
    13 - Building Awareness
    Next

    Building Awareness

    Information security training—keeping employees informed about the risks and elements of social engineering—is an ongoing task as cyber-security evolves rapidly.
 

The fundamentals matter the most when protecting an organization from insider threats, whether they are accidental or malicious, according to a new report from research and advisory firm Aite Group. The outcome of a data breach is the same, exposing an organization's data and impacting its bottom line through reputational damage and remediation efforts. Based on Aite's discussions with asset managers and global custodian service providers, the report, "Cybersecurity Insider: The Asset as Threat," finds that accidental events are undercounted primarily due to fear of reputational damage. The study, which also examines data from IBM, CERT, Advisen and other sources, reveals that financial institutions, in particular, face a multitude of information security challenges. These challenges range from a lack of policy and procedure adherence and poor access management controls, to a need to balance security with an organization's performance, keeping employees informed about cyber-security risks, and a talent shortage of security professionals. In many of these cases, it opens up new opportunities for managed security services companies to provide services around specific security tasks. Here are key takeaways from the report covering insider threats, protection methods and challenges.

 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
























 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date