Businesses Get Better At Detecting Insider Threats

The cyber security threat to companies from their own employees is on the rise, according to new research. Data security company Clearswift surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia and found year-on-year cyber security incidents are also on the rise generally.

Clearswift found companies are able to spot suspicious activity significantly quicker than two years previously.

Inadvertent or malicious threats from employees make up 42 per cent of incidents, up from the 39 per cent in 2015.

When looking at the extended enterprise, employees, customers, suppliers, and ex-employees, this number reaches 74 per cent, compared to 26 per cent of attacks from groups unknown to the organisation. In 2015, 33 per cent of attacks were carried out by unknown parties, so this proportion is falling, which may seem surprising given the recent swathe of high profile attacks, such as WannaCry, which affected over 230,000 computers.

Large-scale external threats are more likely to encourage companies to add cyber security to the boardroom agenda, with 29 per cent of UK businesses doing so in recent months.

“As GDPR approaches, every department in a business will need to recognise the potential security dangers associated with the data they use,” said Dr Guy Bunker, SVP Products at Clearswift.

“Businesses may fall victim to the frenzy around high profile attacks and organisations may be quick to look at threats outside the business but, in reality, the danger exists closer to home.

“The blurring lines between personal and work-based technologies has led to an unabated rise in the insider threat.

“A reactive policy of blocking technologies may prove futile as users will inevitably find a work-around. Educating employees about how to safeguard critical information, motivating employees to care more about the ramifications of a breach, and increasing investment in Data Loss Prevention tools are the biggest priorities needed to minimise the risk of internal security breaches.

“Being a responsible data citizen will also require organisations to look at the way in which partners or suppliers hold and share information, as breaches within the extended enterprise could also lead to heavy fines for the originating business.”

Although internal threats pose the biggest threat to most organisations, employers believe that the majority (65 per cent) of incidents are accidental or inadvertent rather than deliberate in intent; this remains unchanged over the past three years and highlights a critical need for better security education within most organisations.

This is particularly relevant, as most businesses believe their critical data predominantly lies in non-technical departments, such as finance (55 per cent), HR (45 per cent) and legal or compliance (43 per cent).

More than half of organisations (52 per cent) say they are spotting an issue within an hour, compared to only a third (34 per cent) two years ago.

BusinessCloud

You Might Also Read: 

Data Threat: Your Ex-Employees:

Directors Report January 2017. Cyber Security Checklist For Management (£):

 

« Russian Cyber Campaign Aims To Splinter US Voters
Social Media - 'Jargon-Busted' »

Directory of Suppliers

Security Monitor

Security Monitor

We focus on information security consulting and offer services in identifying and eliminating vulnerabilities in software.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC provides training to raise awareness and understanding of identity theft, data breaches, cyber security, scams/fraud and privacy issues.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Portnox

Portnox

The Portnox Network Access Control (NAC) Platform traverses across all network layers, and locations to deliver the highest accuracy and control of al

Certification Europe

Certification Europe

Certification Europe is an accredited certification body which provides ISO management system certification and other management standards

Government Communications Headquarters (GCHQ)

Government Communications Headquarters (GCHQ)

GCHQ defends Government systems from cyber threat, provide support to the Armed Forces and strive to keep the public safe, in real life and online.

Tennant Risk Services

Tennant Risk Services

Tennant Risk Services is a national wholesale insurance broker and underwriting manager. Specialty insurance cover includes Cyber Risk Insurance.

Ilantus Technologies

Ilantus Technologies

Ilantus Technologies specializes in the Identity, Governance and Access domain with a unique focus in implementation and Managed Services.

National Cyber-Forensics & Training Alliance (NCFTA)

National Cyber-Forensics & Training Alliance (NCFTA)

NCFTA is a non-profit corporation focused on identifying, mitigating, and neutralizing cyber crime threats globally.

Fields Associaes

Fields Associaes

Fields Associates is a consultancy firm specialising in digital forensics, security and electronic discovery.

Cyber Security For Critical Manufacturing (Manusec)

Cyber Security For Critical Manufacturing (Manusec)

Cyber Security For Critical Manufacturing (Manusec) is a global series of summits focusing on Cyber Security for Critical Manufacturing Sectors.

Coromatic

Coromatic

As the leading Nordic critical facilities solutions provider, we safeguard continual power supply and data communications.

Distil Networks

Distil Networks

Distil Networks is a leader in bot detection and mitigation, providing an easy and accurate way to identify and police malicious website traffic.

Open Information Security Foundation (OISF)

Open Information Security Foundation (OISF)

OISF is a non-profit organization led by world-class security experts, programmers, and others dedicated to open source security technologies.

TrulyProtect

TrulyProtect

TrulyProtect provides a suite of Code Security Tools that protect creators of software against Reverse Engineering, Modification and Theft of Algorithmic and other coded-IP.