12 Important Facts About Insider Security Threats
- 1 of
-
12 Important Facts About Insider Security Threats
Insiders and third-party collaborators account for more than four out of 10 cyber-security incidents, a new report from Aite Group shows. -
Four Types of Insider Threats
Insider threats evolve around intellectual property theft, IT sabotage, fraud and accidents as the result of human error. -
Who's at Fault?
Insiders and their third-party collaborators make up 44% of cyber-security incidents. -
Who are the Bad Guys?
The biggest threat to a company's cyber-security is outsiders (56%), but malicious insiders (17%) and inadvertent actors (5%) could result in the most damage, according to IBM research. -
Watch Out for Fraud
71% of incidents in the financial services sector were fraud cases, according to the CERT Division's Insider Threat Center's database for Management and Education of the Risk of Insider Threat. These cases primarily involved current (79%) and former employees (17%). -
Big Losses
Of 191 cases in the financial services sector, 48% led to a loss of more than $100,000, and 18% lost more than $1 million, according to the CERT Division's Insider Threat Center's database for Management and Education of the Risk of Insider Threat. -
Detection Is Key
49% of 191 incidents studied were detected by nontechnical means (such as a co-worker or client complaint), followed by an audit (41%) system failure (4%), information system (4%) and software (3%). -
Weak Links
The biggest source of losses is from servers (31%), printed records (17%), email (14%), laptops (12%), Websites (9%), portable data storage devices (7%), desktops (4%), and telephones (3%) in an analysis of 551 cases by Advisen. -
Prioritize Budgets
Insurance event data offers cyber-security insights to help prioritize initiatives and budgets. In an analysis of 707 cases, 70% were for loss or theft from a digital data breach, according to research from Advisen. -
Balancing Act
Insight into a company's business to understand asset and confidential-information priorities and to identify and prioritize known threats must balance security with the business' performance. -
Insider Threat Protection
A layered approach to protection involves written policies and procedures, people screening and training, technological controls, process controls, employee assistance programs, company culture and law enforcement. -
Security Slackers
Insider protection lapses occur because of a lack of policy and procedure adherence. Upshot: Companies need to follow policies and procedures. -
Building Awareness
Information security trainingkeeping employees informed about the risks and elements of social engineeringis an ongoing task as cyber-security evolves rapidly. -
-
What Partners Need to Know About HP, Inc.
View Slideshow » -
MSPs Face Big Cybersecurity Talent Gap
View Slideshow » -
Why Tech Companies Are Eager to Invest in 5G
View Slideshow » -
The Problem With Partner Referral Programs
View Slideshow » -
Microsoft Taps Channel for Digital Business
View Slideshow » -
New Technologies Will Fuel Channel Opportunities
View Slideshow » -
Channel's Transition to the Cloud Requires More Time
View Slideshow » -
Microsoft's Cloud Channel Begins to Mature
View Slideshow » -
Defining MSPs' Goals, Challenges and Tools
View Slideshow » -
Why Metrics Matter to the Channel
View Slideshow »
-
The fundamentals matter the most when protecting an organization from insider threats, whether they are accidental or malicious, according to a new report from research and advisory firm Aite Group. The outcome of a data breach is the same, exposing an organization's data and impacting its bottom line through reputational damage and remediation efforts. Based on Aite's discussions with asset managers and global custodian service providers, the report, "Cybersecurity Insider: The Asset as Threat," finds that accidental events are undercounted primarily due to fear of reputational damage. The study, which also examines data from IBM, CERT, Advisen and other sources, reveals that financial institutions, in particular, face a multitude of information security challenges. These challenges range from a lack of policy and procedure adherence and poor access management controls, to a need to balance security with an organization's performance, keeping employees informed about cyber-security risks, and a talent shortage of security professionals. In many of these cases, it opens up new opportunities for managed security services companies to provide services around specific security tasks. Here are key takeaways from the report covering insider threats, protection methods and challenges.
What Partners Need to Know About HP, ...
In the channel, HP, Inc. is a storied vendor that has relationships...Watch Now