It’s clear the insider threat is becoming a bigger issue for companies. Ever more high profile attacks are linked to employees. Recent Clearswift research showed nearly 75% of security breaches come from within a business’s own networks, but 28% of security professionals think that board level executives don’t see internal threats as an issue until an attack.
So, what can we do to help businesses prepare for this?
Over the next few months, the team at Clearswift will be diving deeper into insider threats than ever before, with new research and resources. We believe that by having detailed intelligence around insider threats, you can formulate a game plan to combat them and this applies to both honest mistakes and malicious attacks.
We have released new statistics which show a third of employees would sell information their company’s critical information, including company patents, financial records and customer credit card details, if the price was right.
25% of respondents would sell the data for just £5,000, the equivalent of a luxury family holiday or less than three months average wage, and some would sell for as little as £100!
While this information may not seem very valuable to the average person, it’s the age-old story of the value of the data to the person whose hands it ends up in. To criminals, competitors and even other employees, the information could provide the perfect way to cause damage to an organisation’s finances, morale and reputation.
Whilst people are generally taking security more seriously – 65% of employees said they wouldn’t sell data for any price – there is still a significant group of people who are willing to profit from selling something that doesn’t belong to them. This information can be worth millions of pounds.
This is demonstrated clearly in recent attacks, such as the Ashley Madison hack, where user data was accessed by a member of their extended enterprise according to the site’s CEO; the effects of which have been monumental. In other cases, like the Sony hack, this information could be used simply to embarrass a company by sharing private emails and information that were never intended for public consumption.
With only 29% thinking that company data is their personal responsibility – business leaders will need to look at ways to stop simple mistakes happening within their organisation and to identify potential threat areas within the network. It is not good business to live in fear of your employees, especially as most can be trusted. Getting the balance right has always been hard. But truly understanding where the problems come from, combined with advances in technology which can adapt to respond differently to different threats, really changes the game here.