By Faith Ashmore, Benzinga
Ransomware attacks are indeed on the rise, but what people fail to realize is that insider threats are actually the real threat to businesses. The true threat to businesses lies in insiders maliciously stealing company information. These insiders, who have privileged access to the network – including employees, clients, vendors and management – pose a significant risk. Rather than accidental mistakes – like employees negligently clicking on phishing schemes – these individuals intentionally exploit their access to gain unauthorized access, steal sensitive data, or cause harm to the organization in another fashion.
Insider Threats: On The Rise, Costly And Sneaky
Studies have shown how much of a threat insiders with malicious intent can be to businesses. According to a report by Proofpoint, insider threats accounted for $15.38 million in average costs, affecting 34% of businesses annually. Malicious insiders often have an advantage as they are familiar with the organization's systems and processes, making it easier for them to navigate through security measures undetected. In addition, their nefarious activities are often impossible to distinguish from legitimate work activities by IT security.
There’s a popular misconception that insider threats have to come from people high up in the company, but statistically, that isn’t always the case. Approximately 61% of internal actors are not in positions with a high level of access or stature.
Even when examining governmental leaks, it becomes evident that some of the most significant leaks have come from individuals who are not in high positions like Edward Snowden. In the instance of Snowden, a former contractor for the National Security Agency (NSA), this showed that it is not always high-ranking officials who have access to sensitive data but anybody who possesses knowledge and access based on their role within the organization. This highlights an important problem: Oftentimes organizations do not have robust security systems in place to keep the wrong people from sensitive information.
“To protect against insider threats, organizations should consider implementing various measures, starting with clear clauses and agreements that define intellectual property and ensure that employees understand that the work they produce belongs to the company.”, David Sun, National Practice Leader for Cyber Incident Response and Forensics at CohnReznick LLP. CohnReznick is a leading advisory, assurance and tax firm that helps organizations achieve their goals consulting on insider threats and how to prevent them before they can cause any damage by optimizing performance, maximizing value and managing risk. They offer a comprehensive range of consulting services encompassing various areas; part of their services is cybersecurity. This education is crucial in dispelling the notion that employees can take company-owned materials such as contact lists or internal documents with them when they leave. By educating employees about ownership and setting clear expectations, organizations can prevent misunderstandings regarding intellectual property.
Technical Tools: Monitoring Necessary?
Technical controls also play a vital role in preventing insider threats. “Companies should consider disabling USB drive functionality on computers to prevent employees from easily copying large amounts of data onto portable devices. In addition, access controls should be implemented, ensuring that employees only have access to the information necessary for their specific job roles.” says Sun. By limiting access to sensitive data and implementing need-to-know basis controls, companies can minimize the risk of unauthorized data extraction. In other words, only the necessary parties should have access to sensitive information.
Proactively monitoring and highlighting high-risk employees may involve tools that collect screenshots, log keystrokes, record file downloads and copies and monitor email activities. By closely monitoring the activities of high-risk individuals, organizations can detect any unusual or unauthorized behaviors, and take prompt action to prevent data breaches or leaks.
A multi-faceted approach to address cybersecurity needs, including insider threats is important to combat this issue.
Risk Mitigation: Moving Forward
Without effective measures in place, companies are at risk of losing money, clients and authority. The reality is there is generally a lot of sympathy when a company is a victim of a ransomware attack and oftentimes ransomware threats are over quickly. With insider threats, the damage can be much more far-reaching and crippling to a company.
“To combat the impact of insider threats, companies should have a key employee departure process which includes proactive forensic preservation and analysis to identify any suspicious activity before damage has been done to the organization,” warns Sun. While preventive measures are important if a company is attacked, they need to react before it is too late.
For businesses, the real threat may lie closer to home – and thankfully, firms like CohnReznick help to protect and prevent the damage these insider threats can unfortunately cause.
To learn more contact David Sun.
This post contains sponsored content. This content is for informational purposes only and not intended to be investing advice.