How Dangerous are Insider Threats?

1
(No Transcript)
2

• When it comes to cyber security, most firms are
  concerned about outside threats like hackers,
  phishing scams, and data breaches. There is,
  however, another kind of threat to an
  organizations data security insider threats,
  people who belong to an organization or who have
  security access who compromise sensitive data or
  internal systems.

3

• Just how dangerous are insider threats? According
  to recent studies, insider threats present a
  greater danger than all external threats. In
  other words, if your organizations security
  measures only focus on threats coming from the
  outside, its ignoring the points at which your
  systems are the most vulnerable.1

4

• According to the companies polled for a recent
  study, 40 expect to suffer a data breach within
  12 months as the result of employee behavior.
  Also, according to a survey by a security
  software vendor, 45 of respondents said they had
  been targeted by an insider threat within the
  past year. 29 of those organizations reported
  losing data as a result.2

5

• One of the reasons that insider threats are so
  dangerous is that they can be very hard to
  detect. When outsiders attempt to gain access to
  a secure system, they almost always leave signs
  of their presence. However, because employees and
  contractors have been granted access, it is hard
  to determine when they are using permissions
  properly, or for malicious purposes.

6

• Insider threats can be motivated by several
  factors, including
• Greed or financial need
• Anger with the business or organization
• Blackmail
• Divided loyalty between the organization and
  another party
• Thrill-seeking behavior
• A belief that they are above the rules
• Personal problems leading to reckless decisions

7

• Another factor that can increase the danger of
  insider threats is how the culture of an
  organization treats security. If data security is
  not taken seriously and/or access to sensitive
  information is given out indiscriminately, it
  increases the chances that an insider will be
  able to steal sensitive data or compromise
  internal systems.

8

• In some cases, insider threats have no malicious
  intentions at all. Instead, personnel who are not
  properly trained or who ignore security protocols
  will make a mistake that leaves an organizations
  systems open to attack, or that leaves
  confidential data where it can be accessed by
  unauthorized parties.

9

• There are several steps organizations can take to
  combat insider threats
• Proper security training
• Encouraging employees to report suspicious
  behavior
• Adopting security protocols that balance the need
  for access with the need to keep data safe
• Careful screening of employees and contractors to
  identify possible threats before they can act

10

• Triumfant is a cyber security firm that
  specializes in the detection and prevention of
  advanced persistent threats and other online
  dangers to organizations internal security and
  data. To learn more, visit www.triumfant.com
  today.

11

1. http//www.scmagazine.com/report-insider-threat-mo
   re-dangerous-than-external-risks/article/455117/
2. http//www.cio.com/article/3003117/security/govern
   ment-cios-and-cisos-under-siege-by-insider-threats
   .html