If your company counts 50 people, at least one of them might be a malicious insider, according to new studies. Imperva has recently released a report which says that 36 per cent of surveyed companies suffered a security incident involving malicious insiders in the past year. One in every 50 employees is considered to be a malicious insider.
Another interesting finding is that not all malicious insiders are disgruntled former employees looking to inflict some damage as they close the door on their way out. There are people who are using their position to transform confidential data into a second stream of income. The ramifications of such behaviour can be dire – in one example, a company has had to shut down operations for three weeks, after an attack, and another had its banking system hacked.
Other type of malicious insiders are the unsuspecting ones – those that meant to do no harm, but were simply careless. Few examples include an employee forgetting to log out, allowing someone else to delete company files, or those that visit malware-infected sites, ultimately introducing malware to the corporate network.
“Our study shows that the insider threat is real and reinforces the fact that the biggest threat to enterprise security is the people already on the payroll. The unfortunate reality is that insiders can do far more damage than external attackers because they have legitimate access and vast opportunity.” Said Terry Ray, chief strategist at Imperva.
“To mitigate the risk, enterprises should ask themselves where sensitive data lives, and try to invest more money in protecting that, instead of wasting budget solely building “higher” and more advanced firewalls. Detecting insider threats requires combining a set of technologies and techniques. The basis for good detection is proper monitoring of all data access activity. On top of that, there should be anomaly detection based on behaviour analysis that can detect abusive access patterns or abnormal extraction patterns.”
Photo Credit: andriano.cz/Shutterstock