Businesses Get Better At Detecting Insider Threats

Uploaded on 2017-11-13 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW, TECHNOLOGY--Resilience

The cyber security threat to companies from their own employees is on the rise, according to new research. Data security company Clearswift surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia and found year-on-year cyber security incidents are also on the rise generally.

Clearswift found companies are able to spot suspicious activity significantly quicker than two years previously.

Inadvertent or malicious threats from employees make up 42 per cent of incidents, up from the 39 per cent in 2015.

When looking at the extended enterprise, employees, customers, suppliers, and ex-employees, this number reaches 74 per cent, compared to 26 per cent of attacks from groups unknown to the organisation. In 2015, 33 per cent of attacks were carried out by unknown parties, so this proportion is falling, which may seem surprising given the recent swathe of high profile attacks, such as WannaCry, which affected over 230,000 computers.

Large-scale external threats are more likely to encourage companies to add cyber security to the boardroom agenda, with 29 per cent of UK businesses doing so in recent months.

“As GDPR approaches, every department in a business will need to recognise the potential security dangers associated with the data they use,” said Dr Guy Bunker, SVP Products at Clearswift.

“Businesses may fall victim to the frenzy around high profile attacks and organisations may be quick to look at threats outside the business but, in reality, the danger exists closer to home.

“The blurring lines between personal and work-based technologies has led to an unabated rise in the insider threat.

“A reactive policy of blocking technologies may prove futile as users will inevitably find a work-around. Educating employees about how to safeguard critical information, motivating employees to care more about the ramifications of a breach, and increasing investment in Data Loss Prevention tools are the biggest priorities needed to minimise the risk of internal security breaches.

“Being a responsible data citizen will also require organisations to look at the way in which partners or suppliers hold and share information, as breaches within the extended enterprise could also lead to heavy fines for the originating business.”

Although internal threats pose the biggest threat to most organisations, employers believe that the majority (65 per cent) of incidents are accidental or inadvertent rather than deliberate in intent; this remains unchanged over the past three years and highlights a critical need for better security education within most organisations.

This is particularly relevant, as most businesses believe their critical data predominantly lies in non-technical departments, such as finance (55 per cent), HR (45 per cent) and legal or compliance (43 per cent).

More than half of organisations (52 per cent) say they are spotting an issue within an hour, compared to only a third (34 per cent) two years ago.

BusinessCloud

You Might Also Read: 

Data Threat: Your Ex-Employees:

Directors Report January 2017. Cyber Security Checklist For Management (£):

 

« Russian Cyber Campaign Aims To Splinter US Voters
Social Media - 'Jargon-Busted' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

Evidian

Evidian

Evidian, a Bull Group company, is the European leader and one of the major worldwide vendors of identity and access management software.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

Dispersive Networks

Dispersive Networks

Dispersive Virtual Network is a carrier-grade software-defined programmable network that is inspired by battlefield-proven wireless radio techniques.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

PT Sydeco

PT Sydeco

At PT SYDECO we create a complete range of products that secure computer and industrial networks, servers, programs and data against any type of computer attack.

Vaultinum

Vaultinum

Vaultinum are a trusted independent third party specialized in the protection and audit of digital assets.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Zama

Zama

Zama - pioneering homomorphic encryption. We believe people shouldn't care about privacy. Not because it doesn't matter, but because it shouldn't be an issue!

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

aFFirmFirst

aFFirmFirst

aFFirmFirst is a unique software solution offering a simple yet effective way for businesses to protect and control their online images and logo, as well as allowing one-click website verification.

BARR Advisory

BARR Advisory

At BARR Advisory, we build trust through cyber resilience. We help protect the world’s data, people, and information networks through a human-first approach to cybersecurity and compliance.