In 2017, the worldwide spend on information security products and services will reach $86.4 billion. The majority of cybersecurity spend will be on defending against external hackers and criminal groups. However, many organizations overlook the even larger threat, the trusted employees and vendors with access to internal key systems and data required to perform their jobs. According to recent research, more than 60% of all cyber security incidents are caused by people already inside of the organization and the average cost of an insider-related security breach is upwards of $5 million.
The greatest cybersecurity threat an organization faces is no longer the malicious outsider trying to get in from beyond network firewalls. It is the insiders — however, there is a lot to keep in mind when protecting your business from insider threats. It is important to remember addressing insider threats requires a different approach to traditional cybersecurity practices. Here are five key considerations when protecting your organization from insider threats:
Every Business Function is a Potential Risk
It’s easy to assume that vital financial and legal documents are the only things at risk from insider threats. But in reality, everything is at risk. Every business function can be manipulated or leaked out from the inside. Customer support, perhaps surprisingly, is the area of biggest risk, according to a Ponemon Institute survey. Out of the many business functions – including finance, legal, sales force operations – respondents believed customer support was their greatest area of concern. With a treasure trove of data at their fingertips, it shouldn’t be a surprise that employees, particularly those working in customer support, often are behind the theft of data. Information may also be at risk during data transfers to a third-party customer support agency, increasing the chance that unauthorized parties could get their hands on your data.
Emerging Technologies Improve Productivity but Also Pose a Big Risk
Cloud applications have strengthened the ability to work while on the go. Employees can share files amongst themselves and clients, communicate almost effortlessly, and perform a slew of tasks that previously were limited to costly, on-site programs. With cloud apps, your business can work from anywhere, at any time, and with anyone. Today, tracking activities on the many apps that employees use daily is far more difficult and resource intensive. Significant time is required of security teams to correlate and review access and usage logs – and that’s assuming those records are even available. Companies are understandably extremely worried about this lack of visibility.
It’s Not the Breach; it’s the Time to Detect and Time to Remediate
Time is of the utmost importance when it comes to data breaches. While a breach can damage a company’s reputation and brand, the time it takes to discover a breach can be just as harmful and could mean the difference between a minor incident and a major theft. As long as malicious insiders are able to remain undetected, they have the opportunity to carry out long-range plans that cause damage and cost money. Companies typically struggle with tracking insider activity during off-hours. The ability to work in the cloud has empowered employees to complete tasks from home and on the road, but the flip side is that off-premise apps can bypass a company’s firewall exposing data. Ponemon Institute quantified the cost of undetected data breaches. Malicious attacks cost $170 to resolve per record, and they take an average of 256 days to identify. On the other hand, human error or negligence costs $137 per record and an average of 158 days to identify.
Not all Insider Threats are Intentional
Accidents happen. It is human nature for people to make mistakes. As much as insider threat involves malicious employees trying to steal data, trade secrets and other information, many forget that the insider threat also results from employees making simple mistakes; mistakes that can cost your company millions of dollars. These mistakes include responding to phishing attempts or technical staff making configuration mistakes. Awareness training is key to combatting these types of incidents. Whether it is an all-hands-on-deck meeting or a high-priority reminder email, your business is at risk if your employees are not given the information or the risk assessment tools to help them look out for these types of accidents.
People, Process, Technology in that order
All too often, organizations throw money at the problem to solve it. But, the truth is, no technology or tool will ever be a magic wand for solving the insider threat problem. To build an effect insider threat program you have to first elect a champion and build an insider threat team. Figure out the key stakeholders and everyone that should be addressing the problem. Consider Human Resources, Legal, Cybersecurity, Internal Audit, Privacy, Compliance and other members of the senior leadership team. Then, think of tackling insider threat as a team sport; establishing proper communication channels, clear policies, and effective procedures are crucial to the success of any organization trying to proactively mitigate the risk of insiders. Only after you have built the team and established the processes are you ready to evaluate technology solutions.
You can learn more about ObserveIT’s approach to building an insider threat program here.