- Raspberry Robin: Highly Evasive Worm Spreads over External Disks
- Cisco Introduces Responsible AI – Enhancing Technology, Transparency and Customer Trust
- Managing Customer Trust in Uncertain Supply Chain Conditions
- Hope on the Horizon
- Toys of Tomorrow… What will spark your imagination? Fuel your imagination?
- Protecting Purses and Digital Wallets
- The Password that Felled the Kingdom + MFA vs 2FA
- The MOE’s RA 3.0 and Zscaler
- 7 Critical Reasons for MS Office 365 Backup
- Penetration Testing Important, but…
- Social Engineering and Poor Patching Responsible for Over 90% of Cybersecurity Problems
- Breach Incidence and Costs On the Rise Again + 5 Ways to Reduce Your Risk
- Cybersecurity Insurance Policies Require Security Audits and Pen Testing
- Wireless strategies for business continuity gain importance as enterprise expand IoT, cloud, and other technologies
- How Cybercrooks are Targeting YOU
- Enabling Digital Transformation with Cisco SD-WAN
- WFH Post Pandemic – What It Will Look Like. What You’ll Need.
- Leaders to looking to the IoT to improve efficiency and resiliency
- Cyber Security Vernacular – Well, some of it, for now
- Why You Need Disaster Recovery, NOT Just Back-Ups
- 10 Reasons Why Having an Expert Manage Your Cybersecurity Makes Sense and Saves Dollars
- Converting CapEx IT Investments into Manageable OpEx
- The Hybrid Workplace – Planning the Next Phase
- Cisco Cloud Calling: Empowering Customers to Thrive with Hybrid Work
- When You Can’t Access the Cloud
- How to Keep On Keeping On
- New Cisco Research Reveals Collaboration, Cloud and Security are IT’s Top Challenges
- Threats from Within on the Rise
- Cloud Covered? If Not, Take Cover!
- Zero Trust and Forrester Wave Report
- Password Based Cyber Attack: Like Leaving Keys Under Doormats
- So, What’s Up With Sensors?
- Sensors and Systems Create a Digital “Last Mile” and Help Skyrocketing Costs
- Scanners Provide Peace of Mind for Returning Students and Workers
- Sensors Improve Operations and Bottom Line… Easily and Cost-Affordably.
- Cisco Meraki Looks at 2021
- 2020 Holiday Shopping: Cybersecurity and Other Tips to Safeguard Wallets and Systems
- How to make the most of the technology you have
- Personnel, Planet and Business Progress: More Interdependent Than Ever Before
- Sure… you can get them all in the boat – but can you get them to work well together?
- Pushing the Zero Trust Envelope – Cisco is Named a Leader in the 2020 Forrester Zero Trust Wave
- Cloud Data Must be Protected, Too!
- Don’t Let Anyone Get the Dirt on You – Make It Instead!
- How IoT Devices Can Help You and Your business
- WebEx – A World of Possibility
- Creating Your Breach Response Plan Now Will Save You Thousands Down The Road
- Been hacked? Here’s what you must do next.
- The Need for Pen Testing is At an All-Time High
- 5 Ways an IT Reseller Improves Your Performance and Peace-of-Mind
- 5G and Wi-Fi 6: Faster, more flexible, and future ready. Are you?
- Network and Data Security for Returning and Remote Workers + Disaster Recovery Symposium
- Collaboration and Cisco WebEx: Protecting Your Data
- Thursday’s Virtual Conference Tackles Today’s Supply Chain Trials and Tribulations
- 10 Tips to Reduce Cloud Storage Risk
- COVID-19 Crisis Fuelling IT Spending
- Supply Chain/Logistics Experts Share Their Expertise
- Cisco Breach Defence Overview
- Announcing Our New Website and Blog
In 2013, CIA operative Edward Snowden made headlines by exposing classified documents. The world was aghast. We were shocked to learn that an insider had betrayed us.
You might be similarly shocked to learn that at least one third of businesses, of all sizes, in all sectors and all countries, have being similarly betrayed, experiencing a network attack that originated from within the organization. (Source: Sisa Infosec)
Although the majority of breaches are accidental, often the result of negligence or improperly applied protocols that result in people seeing data for which they do not have permission, there’s been a significant uptick in threat actors who are either employees, contractors, vendors, distributors or other trusted stakeholders who have access to the company network.
Unfortunately, most breaches that come from within go unreported. For this reason, there are wide variations in professional assessment as to the extent of the problem, although all sources agree that the impact is expanding.
According to Panda Security, there’s been a 47% increase in insider threats in the past 12 months and approximately 60% of organisations experience more than 30 insider attacks a year. Panda Security and other sources, including Observe IT, US Cybersecurity and IBM, estimate that “15% – 25% of security breach incidents are caused by trusted business partners”.
According to Malware Bytes, “68% of organizations claim that they feel extremely to moderately vulnerable to frequent attacks from hackers”, and only 1 in 10 firms believe their current cyber security measures meet the needs of their business today.
What’s really scary, is that the more sophisticated internal attacks can take as many as 200 days to be detected, which is 5 to 7 times longer that it takes for other threats to be detected. That’s a lot of potential damage in terms of proprietary corporate information and client data being revealed.
Clearly, limiting the possibility for internal abuse needs to take greater priority. Investigation and detection are important tools in the fight against internal cybersecurity problems.
What can you do?
- Start with a security audit conducted by a third-party expert, followed by penetration testing.
- Implement the recommendations of your outside expert. If budget restrictions limit what you can do immediately, consider i) the cost of not doing anything, ii) implementing solutions to address the areas of greatest concern, and iii) look at working with a vendor who can help you amortize the costs over a period of time, turning this into an operating expense, rather than a capital one.
- Review your current protocols and procedures and update regularly. This includes having strong procedures in place for when employees and other stakeholders are poised to stop working with the firm – especially if leaving is not their choice.
- Introduce employee and stakeholder education programs and have regular training and practice sessions.
- Stay on top of your updates and ensure all patches are pushed out and applied.
- Engage an outside cybersecurity firm to handle the day-to-day monitoring of internal and external threats, and to regularly test for compliance against phishing and other potential problems.
Organisations can no longer be complacent about internal threats. If you’d like an initial, complementary assessment and/or want to learn more about penetration testing and third-party cyber security as a subscription, please contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (Toll Free).
We look forward to hearing from you and, putting a twist on today’s new phrase, “Stay safe!”