Safeguarding sensitive company information is something we all need to be vigilant about in this technological age. But did you know that security breaches are far more likely to be an inside job than the work of an outside hacker?
Marc van Zadelhoff, writing for Harvard Business Review, cites IBM’s 2016 Cyber Security Intelligence Index, which established that 60 per cent of all attacks were carried out by people within the company. Three out of four of these were deliberately malevolent, while the rest involved the use of unwitting insiders.
Who is most at risk?
Further IBM research shows your business is most likely to be targeted if it falls into one of three key categories:
- Healthcare, where masses of personal data are stored.
- Manufacturing, where patents, copyrights and inventory are prevalent.
- Financial services, where huge financial assets like bank deposits, bonds and stocks are at stake.
What insider cyber security risks should you look out for?
- Human error. Even your most trusted employees can make mistakes. They might send a sensitive email to the wrong address, or send data home in good faith to a system that is not secure enough. Van Zadelhoff says: “The riskiest of these are well-meaning IT admins, whose complete access to company infrastructure can turn a small mistake into a catastrophe.”
- Password leaks. This is the simplest way to give away data. Unwitting employees may be tricked into revealing a password, while others may do so deliberately for personal gain or with malicious intent.
- Hijacked identities. After a breach, the finger of blame may be pointed directly at an employee whose ID has been compromised through phishing or malware attacks.
It’s worth remembering that insiders can be highly efficient at covering their tracks and erasing any evidence of their involvement.
How to safeguard your company
So, what is the best strategy for protecting the systems and data that are most valuable to your business without imposing highly restrictive security policies?
Van Zadelhoff suggests making full use of the latest developments in analytics and artificial intelligence to identify threats in a more subtle way. It also pays to make managers more aware of what to watch for.
Here are his top tips:
1) Single out your chief assets for the closest monitoring and defence.
2) Identify the staff members who have the most potential to compromise systems and monitor them carefully.
3) Use analytics and AI to track any changes in their habits or behaviour.
4) Establish tough security standards for usernames and passwords to make stealing them harder.
5) Use data and forensics to alert you to any security breaches as soon as they happen to minimise damage.
6) Train your employees to be alert to threats. “Test them and then try to trick them with fake exercises,” says Van Zadelhoff.
Remember, cyber security attacks are not just the stuff of news headlines. They happen every day. Take action now to make sure you are not the next victim – especially if you are in a high-risk sector.