12 Important Facts About Insider Security Threats

Insider threats

1 - 12 Important Facts About Insider Security Threats12 Important Facts About Insider Security Threats

Insiders and third-party collaborators account for more than four out of 10 cyber-security incidents, a new report from Aite Group shows.

2 - Four Types of Insider ThreatsFour Types of Insider Threats

Insider threats evolve around intellectual property theft, IT sabotage, fraud and accidents as the result of human error.

3 - Who's at Fault?Who’s at Fault?

Insiders and their third-party collaborators make up 44% of cyber-security incidents.

4 - Who are the Bad Guys?Who are the Bad Guys?

The biggest threat to a company’s cyber-security is outsiders (56%), but malicious insiders (17%) and inadvertent actors (5%) could result in the most damage, according to IBM research.

5 - Watch Out for FraudWatch Out for Fraud

71% of incidents in the financial services sector were fraud cases, according to the CERT Division’s Insider Threat Center’s database for Management and Education of the Risk of Insider Threat. These cases primarily involved current (79%) and former employees (17%).

6 - Big LossesBig Losses

Of 191 cases in the financial services sector, 48% led to a loss of more than $100,000, and 18% lost more than $1 million, according to the CERT Division’s Insider Threat Center’s database for Management and Education of the Risk of Insider Threat.

7 - Detection Is KeyDetection Is Key

49% of 191 incidents studied were detected by nontechnical means (such as a co-worker or client complaint), followed by an audit (41%) system failure (4%), information system (4%) and software (3%).

8 - Weak LinksWeak Links

The biggest source of losses is from servers (31%), printed records (17%), email (14%), laptops (12%), Websites (9%), portable data storage devices (7%), desktops (4%), and telephones (3%) in an analysis of 551 cases by Advisen.

9 - Prioritize BudgetsPrioritize Budgets

Insurance event data offers cyber-security insights to help prioritize initiatives and budgets. In an analysis of 707 cases, 70% were for loss or theft from a digital data breach, according to research from Advisen.

10 - Balancing ActBalancing Act

Insight into a company’s business to understand asset and confidential-information priorities and to identify and prioritize known threats must balance security with the business’ performance.

11 - Insider Threat ProtectionInsider Threat Protection

A layered approach to protection involves written policies and procedures, people screening and training, technological controls, process controls, employee assistance programs, company culture and law enforcement.

12 - Security SlackersSecurity Slackers

Insider protection lapses occur because of a lack of policy and procedure adherence. Upshot: Companies need to follow policies and procedures.

13 - Building AwarenessBuilding Awareness

Information security training—keeping employees informed about the risks and elements of social engineering—is an ongoing task as cyber-security evolves rapidly.


Must Read