Malicious insiders are responsible for a significant proportion of serious cyber attacks because their organisational knowledge equips them to exploit vulnerabilities and hit a company where it hurts. Here’s how to deal with the threat and protect your business.
The 2019 Verizon Insider Threat Report concludes that 20% of all cyber security incidents and nearly 15% of all data breaches in the Verizon 2018 Data Breach Investigations Report resulted from insider and privilege misuse by individuals within the affected organisation, legal website Lexology reports.
Malicious insiders take advantage of
- authorised access to information systems
- knowledge of what data is stored
- awareness of security practices
- windows of opportunity.
Insider risk management strategy should focus on two aspects of these exposures: the organisation’s assets and its people to deter, prevent, detect and respond to data breaches by potential malicious insiders, the Australian Government’s The Insider Threat to Business - Organisational Resilience handbook advises.
Review physical access practices such as the issue and scope of security passes. You may also consider the use of closed circuit television cameras at key points in your office layout.
Avoid shared administrative accounts. If sharing is unavoidable the account’s use should be monitored and passwords changed when staff members with access leave.
Audit new accounts, especially those with administrative or remote access, including obtaining verification from the account owners.
Using and monitoring a standard operating environment supports detecting changes or abnormalities. Systems logs should be monitored by a security specialist and backed up as forensic evidence in the case of a data breach.
Protocols for vetting your people
Recruitment checks should include identity and background checks, including scrutinising CVs, viewing qualification documents and contacting referees and organisations listed.
Malicious insiders may be motivated by a number of factors: a grudge or disenchantment, financial gain or simply an urge to break the rules. Signs that may flag possible threat include
- decline in performance
- verbal expressions of discontent
- nervousness or anxiety
- signs of addictive problems
- inappropriate interest in sensitive information.
Safeguard against the cost of breaches
According to the Ponemon Institute each stolen record is worth about $150, while the global average total cost of a data breach to an organisation is approaching $4 million.
Mitigating against cyber attacks is the best method to avoid any potential damage to a business but cyber insurance can also help to pick up the pieces should something go wrong.
Gallagher can help businesses formulate preventative strategies, as well as deal with the impact of a data breach. Talk to a Gallagher cyber specialist about how our Gallagher experts can help you limit your cyber security exposure.