The large-scale attacks we’re accustomed to seeing in the news — Yahoo, Equifax, WannaCry ransomware — are massive data breaches caused by cyber criminals, state-sponsored entities or hacktivists. They dominate the news cycle with splashy headlines that tell an all-too-recognizable story: one of the name-brand corporations vs. anonymous cyber villains.
We’re focusing on outsider threats here because they’re both terrifying and thrilling, and because they’re familiar. They often have a clear-cut storyline, one that’s been told before. But the hyper-focus on cyber attacks caused by outside parties can lead organizations to ignore a major cybersecurity threat: insiders already in the organization.
We’ve seen these threats before too: attacks of dramatic espionage from Snowden, Reality Winner and Gregory Chung — but insider threats aren’t always so obvious, and they pose a risk for organizations that don’t operate in the national security space. In fact, research suggests that insider threats account for anywhere from 60 to 75 percent of data breaches.
They’re dangerous for a number of reasons, including because of how much they vary: from rogue employees bent on personal gain or professional revenge to careless staffers without proper cybersecurity training, insider threats can come from almost anyone, making them a prime concern for businesses. Check out our full infographic to learn more about the motives and methods behind these types of threats on the Varonis blog here.
Are you doing everything you can to prevent insider threats?
If you’re granting unnecessary internal permissions, lack an auditing system for high-risk people or sensitive data, or aren’t paying close attention to possible behavioral indicators of malicious activity, your organization is at risk. You’re more vulnerable than you think — reach out to assess your risk today to see what you can do to ward off threats that come from the inside.
Don’t forget to register for our 4th annual Camp Secure Sense here. Camp Secure Sense is geared towards helping Canadian IT Security professionals improve their security practices, and better protect their organization. Don’t wait, Camp is over 75% booked!