While rogue employees, such as the infamous Edward Snowden, can be a corporation’s greatest fear, the reality is your employees are probably unknowingly your greatest threat. Better than 60 percent of security events are the result of an inside attack.
Of that group, about 80 percent are from inside people unintentionally compromising your company’s security. They don’t mean to, it’s just that the nature of their job gives them direct access to highly sensitive data. They may not be taking their own security as seriously as you’re taking corporate security, explained Carter Schoenberg (@carter1679), Technical Director of Cyber Security Services for Calibre.
It’s frightening how careless many users are about corporate security. For example, 40% of all users who have access to a corporate infrastructure use the same login credentials on other non-corporate sites such as Facebook, Twitter, and LinkedIn, said Schoenberg.
That’s just one very common example, another is someone with authorized, but unapproved access, said Schoenberg. It could be an employee that’s authorized to have access to the network from 9am to 5pm, but then you see a single access at 2am. What exactly happened there is not clear, but it definitely would require further investigation.
To combat the unintentional insider threat, all organizations should conduct an audit of your internal team. Where could people be making the biggest impact? A smaller organization could begin a manual audit process, while a larger organization will want to use audit log management tool, said Schoenberg.
- A Forensics Tale: Confronting the Insider Threat
- Insider Threats are a Big Problem – And That Shouldn’t Surprise You
- The Ouija Board of Cyber Security and Risk Management
- The Vegas Security Conundrum
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock