Attend IT Blog

Attend IT Limited has been serving the Brentford area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Categories
Tags
Categories:   All Categories
Suggested keywords
x

Study Shows Way Too Many Businesses Ignore Insider Threats

b2ap3_thumbnail_are_you_at_risk_from_your_staff_400.jpgInsider threats are an unpleasant reality of working with sensitive information, though you might be relieved to hear that not all instances of insider threats have malicious intentions. Then again, maybe you aren’t relieved since a threat is still a threat. Either way, we’ll discuss some statistics concerning insider threats, and what you can do about them.

Insider threats are defined as internal threats that could come in the form of either malicious or negligent users. Perhaps an employee recently quit and left the office in a flurry of madness, or maybe you have employees who just don’t care to follow security best practices. Either way, insider threats are major problems that need to be addressed.

Internal and External Threats: Reality vs Expectations
A study by Accenture and HfS Research shows that 69 percent of businesses have experienced the theft or destruction of data due to internal threats, compared to only 57 percent experiencing the same due to external threats. In contrast, only 55 percent expect to become the victim of an internal threat, while 80 percent expect external affairs to cause trouble. The lesson to be learned is that you need to be prepared for all types of threats--even those from the inside.

Exposure of Sensitive Data to the End User
The Ponemon Institute conducted a study in which 62 percent of users felt that they had access to data that they weren’t supposed to have access to. In essence, a user-access control system needs to be put into place to keep users from glimpsing sensitive or private information, such as employee salaries or personally identifiable information (Social Security numbers, birth dates, home addresses, etc).

Reaction Time to Insider Threats
According to Ponemon, the reaction time to insider threats varied. Some organizations responded quickly, while others went months, or even years before finding out:

  • Within 24 hours: 24 percent
  • Within a week: 19 percent
  • Within a month: 14 percent
  • Within 6 months: 20 percent
  • Within a year: 9 percent
  • More than a year: 14 percent

It’s somewhat surprising that so many organizations took so long to find out, but it’s a clear indicator that something’s wrong. Businesses need to be able to find out who accesses sensitive files, and why, at a glance. Monitoring network traffic and activity can provide this critical function.

The Ability to Respond to Insider Threats
This one’s simple; SANS Institute reports that 31.9 percent of organizations have no way to combat insider threats, while 68.1 percent do have the ability to respond. If so many organizations have the capabilities to do so, then why don’t they? Perhaps they just aren’t aware of the activity.

How Effective Preventative Measures Are
SANS Institute reports that:

  • Only 9 percent of businesses have proven techniques to prevent insider threats from taking root.
  • 42 percent claim to have tools but haven’t used them.
  • 36.4 percent are in the process of implementing processes to prevent insider threats.
  • A paltry 2.3 percent aren’t concerned at all about insider threats.

Potential Vulnerabilities
Mimecast claims that 45 percent of companies feel that they’re unequipped to handle malicious insider threats within their email security--more than any of the other potential email threats. Keeping a tight grip on what leaves and enters through your business’s email stream is key to protecting your organization’s digital assets.

The Types of Insider Threats
According to Gartner, there are three types of insider threats. One, called a “second streamer” (someone who uses the data from one job to obtain revenue from another job) consists of 62 percent of insider threats. 29 percent of insider threats are called the “career launcher,” or someone who took information with them as they left a company. Only 9 percent of insider threats could be classified as sabotage.

So, how does your business handle insider threats? If you can’t answer this question, Attend IT Limited can. To learn more, give us a call at 020 8626 4485.

Tags:
Security Privacy Risk Management
The Threat of Your Car Being Hacked is Becoming In...
Why You Can’t Afford to Ignore a Data Backup and D...

About the author

Adam Shailes

Adam Shailes

Attend IT Limited has been serving the Brentford area since 2003, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Author's recent posts

More posts from author
 

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Technology Security Business Computing Productivity Network Security Cloud Best Practices Tip of the Week Business Managed IT Services Data Data Backup Data Recovery IT Services Hackers IT Support Software Hosted Solutions Innovation communications Disaster Recovery Backup Privacy VoIP Cybersecurity Malware Mobile Devices Small Business Efficiency Internet Saving Money Email Hardware Business Continuity Computer Cloud Computing Business Management Phishing Collaboration Outsourced IT Microsoft BDR Automation Information Technology User Tips Ransomware Productivity Smartphones IT Support Compliance Internet of Things Users Workplace Tips Workplace Strategy Quick Tips Smartphone Server Artificial Intelligence Communication Upgrade Risk Management Wi-Fi Employee-Employer Relationship Mobile Device Management Managed Service Provider Network Managed IT Mobility Managed IT services Budget Training Spam Meetings Covid-19 Gadgets Passwords BYOD Google Save Money Wireless Password Mobile Device Networking Human Resources Remote Avoiding Downtime Document Management Android Printing Information Windows 7 Remote Workers Social Media Microsoft Office VPN Remote Computing Chrome History Hosted Solution Router Instant Messaging Encryption Firewall Content Filtering Computers Data Management Cost Management Windows 10 Project Management MSP Monitoring Managed Service Virtual Private Network Help Desk Time Management Remote Work Video Conferencing Laptop Marketing Recovery Telephone Systems Government End of Support Hacker Personal Information Hard Drives Solid State Drive Current Events Virtualization Battery Automobile Telephony Big Data Two-factor Authentication Audit Office Employer-Employee Relationship Value Saving Time Data Breach Data Storage Data Security Mobile Software as a Service Conferencing Redundancy Maintenance Devices Tech Term Proactive Computing Wireless Internet Hybrid Cloud Business Technology Printers IT Service Machine Learning Paperless Office Backup and Disaster Recovery Voice over Internet Protocol Mobile Office Manufacturing Customer Relationship Management AI Printer Managed Services Mobile Computing Proactive IT Social Engineering Transportation Going Green Browser Applications Private Cloud Operating System iPhone Health Windows Money Facebook Administration Colocation Windows 10 Advertising PDF Apps Legal Wireless Technology Flexibility Update Cybercrime Black Market Shadow IT Disaster Education Application Save Time Work/Life Balance Office 365 Antivirus Holiday Entertainment HIPAA Phone System Analytics Electronic Medical Records Cleaning Hacking Smart Technology Vendor Management Samsung Company Culture App SaaS Upgrades Vulnerability The Internet of Things Dark Web Nanotechnology OneNote Business Intelligence Managed IT Service Data Protection Commerce Regulation Professional Services Travel Word Apple User Error Data Loss File Sharing Storage Lifestyle Evernote Workers Spyware intranet Blockchain IoT Analysis Chromebook Smart Tech Connectivity Streaming Media Content Filter Management Financial Technology Gamification Students Unified Communications Remote Monitoring Wasting Money Amazon Virtual Assistant Alexa for Business WPA3 File Storage Bandwidth Vendor Telephone Utility Computing Payroll SMB Downtime E-Commerce Payment Cards Break/Fix e-waste Employees Smartwatch Development Azure Active Directory Windows Server Cybersecurty Window 10 Online Storage Fiber Optics Windows Server 2008 Copiers Voiceover Internet Protocol Business Telephone Computer Repair Troubleshooting CRM Workstations Outsource IT PCI DSS Regulations Compliance Cost Remote Working Leadership Bitcoin Finance Infrastructure Videoconferencing Streaming Customer Service Copier Authentication Hiring/Firing RMM Windows 11 Cabling Going Paperless Inventory Management Employer/Employee Relationships Outsourcing How To Microsoft Outlook Files Regulations Paperless Solutions Microsoft 365 Strategy Consulting Decision Making Ergonomics Signage Customer Experience Robot Google Drive Miscellaneous Alert Law Enforcement Reputation Social Relocation Search Internet Exlporer Text Messaging Office Tips HaaS Video Games Scalability Humor How To Best Practice USB Virtual Reality Managing Stress Point of Sale Identity Theft Worker Commute Politics Experience Music Books Safety Emergency Worker Scam Computer Accessories Charger Computer Care Unsupported Software Television Business Strategy WiFi Unified Threat Management Consultant Touchscreen Emails Webinar IT solutions Windows 10s Hard Disk Drive iOS Computer Fan Root Cause Analysis Augmented Reality CrashOverride Settings Screen Mirroring Cast HBO IT Management IT Solutions WIndows Server 2008 Patch Management Outlook Shortcut Excel Sync Adobe Licensing Tablets NFL Windows Ink Google Maps Google Docs Microsoft Excel Sports Cortana Legislation Comparison Specifications Sales Retail Gifts Credit Cards FAQ Wireless Charging WannaCry Updates Microsoft Word eWaste Device Security Tech Support Fraud Edge Ciminal IT budget Identities Language Virus Websites Data Theft App store Mobile Security Identity Data Privacy Hard Drive Google Assistant Twitter Computer Forensics Gmail PowerPoint Memory Financial Bring Your Own Device Testing Camera Projects Display Co-Managed Services Hyperlink Wasting Time Accessory Peripheral Access Control Admin Keyboard Shortcuts Security Cameras Employee 5G Medical IT YouTube OneDrive Sabotage PC Server Maintenance Investment ROI Windows Server 2008 R2 Micrsosoft Digital Signage Processor Benchmarks Myths Threats Scams Managed Services Provider Facebook Privacy eCommerce Holidays Inventory Communitications Hosted Desktop Smart Devices Keyboard Net Neutrality Internet Service Provider Workstation Telework Audits Solutions Policy Procedure Organization Innovations Reviews Biometrics Computer Tips Work Windows 8.1 Voice Supply Chain Environment Workplace Strategies Print Management Healthcare SSD Remote Management Telephone System Print Database 2FA Virtual Desktop Proactive Management eSignature Cyberattack Cameras Digital Cameras Mixed Reality Displays

Blog Archive