In 2013, CIA operative Edward Snowden made headlines by exposing classified documents. The world was aghast. We were shocked to learn that an insider had betrayed us.

You might be similarly shocked to learn that at least one third of businesses, of all sizes, in all sectors and all countries, have being similarly betrayed, experiencing a network attack that originated from within the organization. (Source: Sisa Infosec)

Although the majority of breaches are accidental, often the result of negligence or improperly applied protocols that result in people seeing data for which they do not have permission, there’s been a significant uptick in threat actors who are either employees, contractors, vendors, distributors or other trusted stakeholders who have access to the company network.

Unfortunately, most breaches that come from within go unreported. For this reason, there are wide variations in professional assessment as to the extent of the problem, although all sources agree that the impact is expanding.

According to Panda Security, there’s been a 47% increase in insider threats in the past 12 months and approximately 60% of organisations experience more than 30 insider attacks a year. Panda Security and other sources, including Observe IT, US Cybersecurity and IBM, estimate that “15% – 25% of security breach incidents are caused by trusted business partners”.

According to Malware Bytes, “68% of organizations claim that they feel extremely to moderately vulnerable to frequent attacks from hackers”, and only 1 in 10 firms believe their current cyber security measures meet the needs of their business today.

What’s really scary, is that the more sophisticated internal attacks can take as many as 200 days to be detected, which is 5 to 7 times longer that it takes for other threats to be detected. That’s a lot of potential damage in terms of proprietary corporate information and client data being revealed.

Clearly, limiting the possibility for internal abuse needs to take greater priority. Investigation and detection are important tools in the fight against internal cybersecurity problems.

What can you do?

• Start with a security audit conducted by a third-party expert, followed by penetration testing.
• Implement the recommendations of your outside expert. If budget restrictions limit what you can do immediately, consider i) the cost of not doing anything, ii) implementing solutions to address the areas of greatest concern, and iii) look at working with a vendor who can help you amortize the costs over a period of time, turning this into an operating expense, rather than a capital one.
• Review your current protocols and procedures and update regularly. This includes having strong procedures in place for when employees and other stakeholders are poised to stop working with the firm – especially if leaving is not their choice.
• Introduce employee and stakeholder education programs and have regular training and practice sessions.
• Stay on top of your updates and ensure all patches are pushed out and applied.
• Engage an outside cybersecurity firm to handle the day-to-day monitoring of internal and external threats, and to regularly test for compliance against phishing and other potential problems.

Organisations can no longer be complacent about internal threats.  If you’d like an initial, complementary assessment and/or want to learn more about penetration testing and third-party cyber security as a subscription, please contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (Toll Free).

We look forward to hearing from you and, putting a twist on today’s new phrase, “Stay safe!”