Data breaches are on the rise, and insiders are largely to blame. According to the IBM X-Force Threat Intelligence Index 2017, there are several industries where attacks by malicious insiders and inadvertent actors outnumber attacks by outsiders.
With 71 percent of data breaches caused by insiders, healthcare faces more insider threats than any other industry, followed by financial services, retail, manufacturing, and information and communications. While malicious outsiders are still responsible for most data breaches, they account for only 13 percent of stolen, compromised or lost data records, according to Gemalto’s Breach Level Index. Malicious insiders, on the other hand, compromised 20 million data records in 2017 alone, up from 500,000 in 2016.
According to a 2017 Insider Threat Report, 53 percent of businesses that have been breached by an insider paid $100,000 or more in remediation costs, and 12 percent paid more than $1 million. But even without looking at any numbers, the impact of insider attacks reverberates through our society. Some names may ring a bell: Anthony Levandowski, who allegedly downloaded 9.7 GB of Google’s data and handed it over to Uber; Edward Snowden, who leaked classified information from the National Security Agency (NSA); and Jiaqiang Xu, who pleaded guilty and went to prison for five years for building and selling a copy of IBM’s software.
How to Protect Against Insider Threats
Given the significant risk insider threats pose to organizations, knowing how to protect against them is essential. What makes the task of protecting against insider threats particularly difficult is the fact that employees need to have access to potentially sensitive company data to do their work.
Companies should start by identifying high-risk employees and implementing a monitoring and tracking system to detect unauthorized or malicious activity as soon as possible. Likewise, it is advisable to identify the information that is at highest risk for a security breach and classify it accordingly. “Through ‘data tagging,’ you can secure your most important information at a higher level,” explained Roy Gingher, Technical Account Manager at Symantec.
Above all else, it is paramount that employees understand insider threats and strictly follow established security procedures. Employees should be trained against social engineering attacks, malware and all other common data security threats.
How Vology Can Help
Vology understands how significant the risk posed by insider threats is, and we offer comprehensive Managed Security Services to help organizations of all sizes thrive in the digital era. Our security awareness training includes simulated phishing campaigns to teach employees how to deal with the most dangerous threats out there, and our continuous vulnerability scanning relies on the largest and most comprehensive library of known vulnerabilities to uncover network issues before they allow for costly data breaches.
If you would like to learn more about our services, we encourage you to visit vology.com and contact us at 888-808-2199.