Another year is coming to an end. It is time to ruminate over the mistakes of the past and plan for the year that lies ahead. The year 2018 witnessed some of the biggest data breaches that compromised the personal information of millions of people. But do you know that the most harmful cybersecurity threats actually originate from within an organization? Here’s all that you need to know about the types of insider threats and how you can combat insider threats in cybersecurity.
Facts About Data Breaches You Ought to Know
Data breaches are not getting any cheaper! The loss of data in any form can cost an organization dearly. The findings of a study by the Ponemon Institute revealed that the average cost of a data breach now stands at a whopping USD 3.86 million! Rolling your eyes, are you?
Wait, there’s more! If an organization faces a MEGA Data Breach (1 – 50 million lost records), the average costs of data breaches can shoot up to USD 40 million – 350 million!!!
In fact, it may take months for an organization to even realize that a data breach has occurred! The average time to detect a data breach is nearly 197 days, which comes to around 6.5 months. So you can well imagine how much time mega data breaches would take to get detected!
What are Insider Threats or Insider Breaches?
Though imposters are increasingly finding newer ways to launch cyberattacks, the most detrimental threats are actually coming from trustworthy insiders. Yes, you read that right! It’s not malware or malicious cyber criminals but insiders who pose the biggest threat to an organization’s cybersecurity.
Insider breaches or insider threats are the data breaches caused by the employees or members within an organization. They are also some of the most difficult data breaches to identify and are the costliest too.
The 2018 IBM X-Force Threat Intelligence Index reveals that two-thirds of the 2017 data breaches were due to inadvertent insiders. Furthermore, 60% of cyberattacks are due to insider threats!
Insider Threats in Cybersecurity Are For Real!
One may think that it is only vindictive or malicious insiders who cause insider threats in cybersecurity. However, nearly 51% of insider threats are unintentionally caused by ignorant employees or contractors. The insiders who pose a threat include regular employees, privileged IT users/admins, and temporary workers such as service providers or contractors.
In 2017, Google’s parent company, Alphabet, filed a lawsuit against a former employee, Anthony Levandowski, alleging that he leaked internal files. Allegedly, he gave away nearly 14,000 business-critical files to his new employer, Uber.
Why Are Insider Threats Costlier & Difficult to Manage?
Data breaches cost organizations a bomb, both in terms of money as well as reputation. Though it is difficult to arrive at the actual cost of a major security breach, a study estimates it is worth USD 100,000 to USD 500,000 per successful insider breach.
So what makes insider threats so dear and difficult to identify?
- Such threats can remain undetected for years, thus increasing the remediation expenses. The longer it takes to identify a breach, the higher are the reparative charges.
- Because these threats originate within the organization, it can be challenging to distinguish malicious activity from routine work. This makes insider breaches hard to detect.
- It is harder to prove an employee involved in insider breaches guilty. This is because anyone can claim the act as an unintentional one and get away with it.
- It is easy to cover up insider breaches by deleting or editing logs to hide malicious activities.
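The log-tampering risk in the last bullet can be reduced with a tamper-evident log. The following is an added example, not part of the original article: a minimal HMAC-chained log in Python in which an edited, deleted or truncated record is detected on verification. The key, sample log lines and function names are constructed for illustration, and it assumes the key and the latest chain head are kept on a separate system that the audited user cannot write to.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # chain start value used before the first record

SAMPLE = [  # constructed sample audit lines, not from a real system
    "2018-12-03T09:14:02Z user=jdoe action=login host=ws-114",
    "2018-12-03T09:20:41Z user=jdoe action=export table=customers rows=48211",
    "2018-12-03T09:22:10Z user=jdoe action=logout host=ws-114",
]

def _mac(key, prev_mac, message):
    # Binding each MAC to the previous one makes every record depend on its history.
    return hmac.new(key, prev_mac + message.encode("utf-8"), hashlib.sha256).digest()

def append(log, key, message):
    """Append a record; return the new chain head, to be stored off-host."""
    prev = log[-1][1] if log else GENESIS
    mac = _mac(key, prev, message)
    log.append((message, mac))
    return mac

def verify(log, key, expected_head):
    """Return None if the log is intact, else a description of the first problem."""
    prev = GENESIS
    for i, (message, mac) in enumerate(log):
        if not hmac.compare_digest(mac, _mac(key, prev, message)):
            return f"record {i}: edited, or a record before it was removed"
        prev = mac
    if not hmac.compare_digest(prev, expected_head):
        return "truncated: last record does not match the stored chain head"
    return None

def demo():
    key = b"constructed-demo-key"  # assumption: kept by the collector, not on the host
    log, head = [], GENESIS
    for line in SAMPLE:
        head = append(log, key, line)
    edited = list(log)
    edited[1] = (SAMPLE[1].replace("rows=48211", "rows=12"), log[1][1])
    return {
        "intact": verify(log, key, head),
        "edited": verify(edited, key, head),
        "deleted": verify(log[:1] + log[2:], key, head),
        "truncated": verify(log[:-1], key, head),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} {result or 'OK'}")
```

Removing records from the end leaves a chain that still verifies internally, which is why the chain head has to be stored somewhere the log's owner cannot modify.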
How to Curb Insider Threats in Cybersecurity?
Does your company have critical data and resources which, when misused, can cause damage to the company’s reputation and profitability? Does your organization have a framework in place to detect insider threats in cybersecurity? Does it have a strategy and a plan for segregating, launching and testing practices? If not, then it’s something that you should start worrying about!
Here are some basic steps that you can take to curb insider threats in cybersecurity.
1. Keep a Watch on Employee Behavior
Keep a watch on sudden changes in your employees’ behaviors such as signs of resentment, anger or unhappiness. An employee’s disappointment with the organization is likely to trigger vengeance in the form of insider breaches. Additionally, watch out for abrupt changes in an employee’s financial conditions or work hours. These could also be indicative of possible dangers for your organization in the offing.
2. Conduct Background Checks
Thanks to the internet, conducting background checks of any individual is now a cakewalk! As an organization, you MUST conduct a thorough background check before taking an employee on board. No need to adopt a complex mechanism. Just Google it, or look through his/her social media profiles. These are sufficient to give one an overview of an individual’s personality! A simple background check can keep insider threats at bay by helping you identify a potential imposter.
3. Monitor User Actions
User action monitoring software is an organization’s trump card for curbing and investigating insider threats in cybersecurity. This no-fuss software offers a video recording of user sessions that helps in reviewing the misuse of data. In case of misuse, it helps detect whether the misuse was planned or unintentional! Furthermore, such user action monitoring solutions are of great help in providing evidence in a court of law.
4. Regulate User Access
A strong password or encryption not only keeps insider breaches at bay but also defends against malicious external threats. Encourage your employees to keep their systems and files password protected. Discourage credential sharing among employees and try to keep the use of shared accounts to the minimum required. Implement and use 2-factor authentication wherever possible. Plus, there are scores of free solutions available out there for enterprise-level data security. Try them out!
5. Create Awareness
As mentioned earlier, not all insider threats in cybersecurity are the result of malicious intent. Some are just caused by inadvertent or ignorant insiders! This makes it crucial to educate employees about the potential of insider threats and the means to curb them. Conduct awareness drives and training sessions to transform your employees into the facilitators of cybersecurity, and not the inhibitors!
Get Consultation on Insider Threats in Cybersecurity from ARDC
The Center for Advanced Research in Digital Forensics and Cyber Security (ARDC) is a pioneer in digital forensics research. ARDC conducts cutting-edge research on cyber and digital forensics to be able to guide organizations on the latest cybersecurity measures. ARDC regularly conducts seminars and workshops to educate organizations about insider threats and the means to curb them.