Security threats come at us from all sides these days, and it’s a constant battle of “us vs. them” to find and catch the bad guys before you end up in the news and people get fired or resign.
Organized cyber-criminals and nation state cyber-terrorists strike deep and lingering fear in us all for the extent of the damage they can cause with one breach.
But the fact is most reported breaches are not caused by elegant external attacks. They are caused by careless employees who click the link before they think, despite our best efforts to make them aware of risks and train them in security basics.
As one IT pro put it, “Don’t open that attachment it’s a virus…” A few minutes later, “I opened it by accident sorry.”
A 2013 Forrester study indicated that over 50% of breaches are the result of an employee losing or misusing company assets.
Fast forward to 2014 and a current Dark Reading flash poll says 77% of IT Security Pros consider employees as their greatest security threat, far eclipsing their fear of hacktivists, terrorists, and cyber criminals.
So what should you do if insider threats should be a primary focus?
An InfoWorld Deep Dive special report on this topic provides a number of relevant suggestions that fall into two main categories – detecting insider threats and preventing insider threats. Some of their recommendations include:
In closing, as Pogo once said, “We have met the enemy, and he is us.” So yes you need to do all the standard things like with employees like screening, training, and policy enforcement to minimize risk.
But effective security programs must also include automated systems and advanced controls to protect “us” from “them”.
- Confessions of a LinkedIn Imposter: We Are Probably Connected
- Ten Secure Ways to (Not) Shoot Yourself in the Foot
- My Company Needs to Buy Me an Oculus Rift
- Your Biggest Threats are Coming from Inside
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock