Businesses Get Better At Detecting Insider Threats

The cyber security threat to companies from their own employees is on the rise, according to new research. Data security company Clearswift surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia and found year-on-year cyber security incidents are also on the rise generally.

Clearswift found companies are able to spot suspicious activity significantly quicker than two years previously.

Inadvertent or malicious threats from employees make up 42 per cent of incidents, up from the 39 per cent in 2015.

When looking at the extended enterprise, employees, customers, suppliers, and ex-employees, this number reaches 74 per cent, compared to 26 per cent of attacks from groups unknown to the organisation. In 2015, 33 per cent of attacks were carried out by unknown parties, so this proportion is falling, which may seem surprising given the recent swathe of high profile attacks, such as WannaCry, which affected over 230,000 computers.

Large-scale external threats are more likely to encourage companies to add cyber security to the boardroom agenda, with 29 per cent of UK businesses doing so in recent months.

“As GDPR approaches, every department in a business will need to recognise the potential security dangers associated with the data they use,” said Dr Guy Bunker, SVP Products at Clearswift.

“Businesses may fall victim to the frenzy around high profile attacks and organisations may be quick to look at threats outside the business but, in reality, the danger exists closer to home.

“The blurring lines between personal and work-based technologies has led to an unabated rise in the insider threat.

“A reactive policy of blocking technologies may prove futile as users will inevitably find a work-around. Educating employees about how to safeguard critical information, motivating employees to care more about the ramifications of a breach, and increasing investment in Data Loss Prevention tools are the biggest priorities needed to minimise the risk of internal security breaches.

“Being a responsible data citizen will also require organisations to look at the way in which partners or suppliers hold and share information, as breaches within the extended enterprise could also lead to heavy fines for the originating business.”

Although internal threats pose the biggest threat to most organisations, employers believe that the majority (65 per cent) of incidents are accidental or inadvertent rather than deliberate in intent; this remains unchanged over the past three years and highlights a critical need for better security education within most organisations.

This is particularly relevant, as most businesses believe their critical data predominantly lies in non-technical departments, such as finance (55 per cent), HR (45 per cent) and legal or compliance (43 per cent).

More than half of organisations (52 per cent) say they are spotting an issue within an hour, compared to only a third (34 per cent) two years ago.

BusinessCloud

You Might Also Read: 

Data Threat: Your Ex-Employees:

Directors Report January 2017. Cyber Security Checklist For Management (£):

 

« Russian Cyber Campaign Aims To Splinter US Voters
Social Media - 'Jargon-Busted' »

Directory of Suppliers

The Hacker News (THN)

The Hacker News (THN)

THN is a leading source for Information Security, Hacking News, Cyber Security, Network Security with in-depth technical coverage of issues and events

Global Cyber Security Center (GCSEC)

Global Cyber Security Center (GCSEC)

GCSEC is the Global Cyber Security Center based in Rome, focused on International Cooperation and Policies, Research and Education in the field of cyber security.

Veeam

Veeam

Veeam is the leader in intelligent data management for the Hyper-Available Enterprise.

Federal Office for Information Security (BSI)

Federal Office for Information Security (BSI)

The BSI investigates security risks associated with the use of IT and develops preventive security measures. It provides information on risks and threats relating to the use of information technology

LRQA

LRQA

LRQA is a world leading, independent provider of Business Assurance services including management system certification such as ISO 27001.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

iLand

iLand

iland is an award-winning enterprise cloud infrastructure provider offering Secure Enterprise Cloud Services and Disaster Recovery as a Service (DRaaS).

CyberSmart

CyberSmart

CyberSmart is a platform that allows you to maintain compliance, achieve certification and secure your organisation.

Digital Identity Solutions Europe (DISE)

Digital Identity Solutions Europe (DISE)

DISE provides intelligent solutions for digital identity management and identity-based services.

Digital Guardian

Digital Guardian

Digital Guardian is a next generation data protection platform designed to stop data theft.

Pandora Security Labs

Pandora Security Labs

Pandora Labs is a cyber threat detection & intelligence company that secures businesses by identifying & mitigating cyber threats to ensure data security.

Iceberg

Iceberg

Iceberg has been established to provide companies with cyber security experts who will protect businesses from the unseen threat of cyber crime.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

CyberSec.sk

CyberSec.sk

CyberSec.sk is the Slovak portal bringing the latest cyber security news, politics, tips and instructions on how to protect the internet.