“The insider threat hasn’t gone up; there have always been dishonest employees,” Pescatore says. “What has gone up, and what the real insider threat is, is employees trying to do their jobs using technology that we didn’t first make safe. And then, oops, information is either accidentally exposed or left open such that a fairly simple cyber attack can get to it. That represents the majority of growth of insider incidents.”
Some employees may not know they are doing anything wrong. They’re just doing what they think needs to be done to do their job. Everyone within the security field has heard of numerous cases of people copying sensitive databases to their mobile devices and bringing them home from work. It happens every day, and every day that your employees do this, they are putting your organization at serious risk. If that device is lost or stolen, you face a serious breach with all of those costs I mentioned earlier.
Does your organization have a way of tracking how information is being copied and transported? Does it have a way of protecting data at rest, in motion and in use? As a CEO, you should at the very least know the answer to those questions, because your job very well may depend on it.
Because employees and trusted partners with access to your information will take risks if they aren’t aware of them, education plays a big part in curbing the insider threat. Education matters because simply telling errant employees not to do something doesn’t always have the desired effect. People sometimes justify bad behavior when they are under the gun; they think, “I’ll just do it this once,” or “They didn’t really mean it when they said not to do this.” It is the job of your information security department to educate users and make sure they understand why taking certain actions puts the business at risk. And it is your job as the CEO to back up the Chief Information Officer (CIO) and to really emphasize the stakes at hand. Often the only way employees will listen is if the directive comes from the top, so give your infosec personnel some support.
Education can’t do it alone, however. The only way to truly keep insiders to their word is through automated policy enforcement, smart monitoring technology and effective use of account restrictions.
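What “smart monitoring” looks like in practice for the scenario above (a user copying a sensitive database to a device they carry home, or pulling data over remote access at night) is illustrated by the following added example. It is not code from the original text or from any product; the audit-log schema, field names, thresholds and sample records are all constructed assumptions. It encodes three checks that a DLP or endpoint agent would typically feed: any confidential file leaving managed storage, bulk volume to removable media within a short window, and off-hours copies over a remote session.

```python
"""Toy insider-exfiltration monitor over file-copy audit events (added example,
not from the original text). Log schema and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
import json

# Detection thresholds: hypothetical tuning values, not taken from any product.
BULK_BYTES = 50 * 1024 * 1024        # 50 MiB to removable media within the window
BULK_WINDOW = timedelta(minutes=10)
BUSINESS_HOURS = range(8, 19)        # 08:00-18:59 local time counts as on-hours
UNTRUSTED_DESTS = {"removable", "personal_cloud"}

# Constructed sample audit log (JSON lines). Field names are assumptions;
# a real DLP or EDR agent will use its own schema.
SAMPLE_LOG = """\
{"ts":"2024-03-04T09:12:00","user":"alice","src":"/finance/q1_forecast.xlsx","label":"internal","dst":"corp_share","bytes":120000,"remote":false}
{"ts":"2024-03-04T09:15:00","user":"bob","src":"/hr/payroll.db","label":"confidential","dst":"removable","bytes":8000000,"remote":false}
{"ts":"2024-03-04T22:40:00","user":"carol","src":"/crm/customers.csv","label":"confidential","dst":"personal_cloud","bytes":3000000,"remote":true}
{"ts":"2024-03-04T13:00:00","user":"dave","src":"/eng/build.log","label":"public","dst":"removable","bytes":30000000,"remote":false}
{"ts":"2024-03-04T13:04:00","user":"dave","src":"/eng/src.tar","label":"internal","dst":"removable","bytes":30000000,"remote":false}
{"ts":"2024-03-04T14:00:00","user":"erin","src":"/eng/readme.txt","label":"public","dst":"removable","bytes":2000,"remote":false}
"""


def parse_events(text):
    """Parse JSON-lines audit records, oldest first, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: drop it rather than crash the monitor
        events.append(ev)
    # Logs arrive out of order; the sliding-window rule needs time order.
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Return (rule, user, detail) alerts for the three insider patterns."""
    alerts = []
    recent = defaultdict(list)  # user -> [(ts, bytes)] copied to removable media
    for ev in events:
        user, ts, dst = ev["user"], ev["ts"], ev["dst"]
        # Rule 1: classified data leaving managed storage, regardless of volume.
        if ev["label"] == "confidential" and dst in UNTRUSTED_DESTS:
            alerts.append(("confidential_to_untrusted", user, ev["src"]))
        # Rule 2: copy over a remote session, outside business hours, to an
        # untrusted destination (the "from home via remote access" pattern).
        if ev.get("remote") and ts.hour not in BUSINESS_HOURS and dst in UNTRUSTED_DESTS:
            alerts.append(("offhours_remote_copy", user, ts.isoformat()))
        # Rule 3: bulk volume to removable media inside a sliding window,
        # which catches a database being carried out in several chunks.
        if dst == "removable":
            window = [(t, b) for t, b in recent[user] if ts - t <= BULK_WINDOW]
            window.append((ts, ev["bytes"]))
            total = sum(b for _, b in window)
            if total >= BULK_BYTES:
                alerts.append(("bulk_to_removable", user, f"{total} bytes in {BULK_WINDOW}"))
                window = []  # reset so one burst raises a single alert
            recent[user] = window
    return alerts


if __name__ == "__main__":
    for rule, user, detail in detect(parse_events(SAMPLE_LOG)):
        print(f"{rule:26} {user:6} {detail}")
```

Run against the constructed log, this raises four alerts: bob’s payroll database going to a USB device, dave’s two 30 MB copies that together cross the bulk threshold, and carol’s late-night upload of a confidential customer file over a remote session (which trips both the classification rule and the off-hours rule). Alice and erin, whose copies are small, internal, or to a managed share, generate nothing, which is the point: the rules target the behaviours the text describes rather than every file copy.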
Did you know?
Most insider events are triggered by a negative event in the workplace.
Most perpetrators had prior disciplinary issues.
Most insider events were planned in advance.
Up to 87 percent of attacks didn’t require advanced technical knowledge.
Approximately 30 percent of incidents happened at the insider’s home through remote access.
From the Insider Threat Study conducted by the National Threat Assessment Center of the U.S. Secret Service and the Software Engineering Institute at Carnegie Mellon University, 2005