Insider Threat

3 ways to protect your organization against the insider threat

Unless you’ve been living under a rock, you probably know that cyber-attacks are on the rise and hitting businesses hard. Over the past few years, swathes of high-profile attacks have dominated media headlines with eye-watering data-breach and lost revenue figures.

With global corporations, including Yahoo, Equifax and the NHS suffering devastating attacks, defending your organization might seem like a monumental task, especially if multimillion-dollar companies are struggling to defend against the sea of online threats. However, understanding where the threats are coming from and how incidents occur will give you the ability to protect your organization against them. 

Our latest research reveals that the extended enterprise (employees, customers, suppliers, and ex-employees) is responsible for 74% of cyber incidents. The research, which surveyed 600 business decision makers and 1,200 employees across the UK, US, Germany, and Australia, found that an organization’s employees alone – whether through malicious or accidental actions – made up 42% of incidents, providing organizations with a clear starting point in addressing their cyber security. 

Know thy enemy

Sun Tzu’s frequently quoted sentiment is as applicable to cyber security as it is to the art of war. Understanding the threat means being able to defeat it, and when it comes to defending your organization in the digital age, internal threats pose the biggest problem. In 2015, unknown parties, such as hackers and criminal cells carried out 33% of attacks on organizations – a figure that is now down to just 26%. The internal threat, however, is on the rise.

65% of these incidents are accidental or inadvertent rather than deliberate and make up the majority of internal threats. As most businesses believe their critical data predominantly lies in non-technical departments, such as finance (55%), HR (45%) and legal or compliance (43%), addressing employee use and education around data handling is the first of many steps to addressing the insider threat:  

  • Know where your data is and educate your employees

    Every department in a business holds personally identifiable data to a greater or lesser extent, whether it’s the payroll records handled by finance officers or the target audience data used by marketing executives. Employees in these departments must recognize the potential security dangers associated with the data they use. Regular training seminars and tailored data security workshops might seem like overkill but will help educate employees about how to safeguard the data they handle and motivate them to care about the ramifications of a breach. With GDPR fast approaching, these will become a necessity that organizations avoid at their peril.
  • Build remote working into the data protection plan

    A significant contributor to the insider threat lies in the blurring lines between personal and work-based technologies. Flexible working coupled with mobile work technologies such as laptops and smart phones means that critical data is being taken outside of the bounds of the workplace and, therefore, must be secured both remotely and locally. Remote working security training should be incorporated into the data security workshops and seminars as the two invariably overlap. What’s more, a remote working policy should be developed within the overall data handling policy.
  • Invest in data protection and breach prevention technologies

    Whilst the risk factor around employee handling of data can be reduced, human error is inevitable. To avoid this and comprehensively secure your organization, investment in Data Loss Prevention (DLP) tools, content inspection software and document sanitization and redaction are the biggest priorities in preventing data loss and can also be used to demonstrate compliance with GDPR legislation. With these technologies, businesses can ensure that critical information isn’t being sent inadvertently or maliciously by staff. What’s more, redaction and content inspection only remove the information that breaks policy, offering a flexible approach to efficient business operations.

Additional Information

Related Articles