Data leaks from within become chief concern for cybersecurity
Smart and trustworthy employees are a firm's greatest assets. However, what happens if one of them resigns or is asked to go, and takes with him or her, confidential data that can give your firm's competition an edge?
Here's an example. In July 2020, a 35-year-old man was arrested in Delhi for allegedly hacking into the systems of his former employers and deleting important information from their databases. According to the police, the man was a software engineer at the firm and used his knowledge of the firm’s systems in order to cause them financial loss after he had been fired.
The incident is one among a growing number where employees have posed a threat to the security of organizations in the last two years. The reasons for such incidents include employees selling sensitive data from medical labs and other firms in the black market, for monetary gain. In April 2020, the US Department of Justice charged a man named Christopher Dobbins for delaying shipments of a medical device packaging company by sabotaging their electronic shipping records.
According to a report by Michigan-based Ponemon Institute, insider threats have increased in both frequency and cost over the past two years. The institute interviewed 1,004 IT and IT security practitioners in 278 organizations that experienced one or more material events caused by an insider. A total of 6,803 insider incidents are represented in the research.
For the past two years, employees are left with little option but to work remotely. Given that, several employees are staring at more tech than they are actually fit for, it has led to rising insider security threats. Experts say cybersecurity should be one of the top concerns for business heads, but security professionals have a different story to tell.
According to Vishak Raman, Director, Security Business, Cisco India & SAARC, the increasing dependence on virtual interactions and the rise of connected devices “has widened the digital gap”. He added that the “most prepared and equipped organizations” can still not avoid cyberattacks entirely.
The report categorized insider threats as a careless or negligent employee or contractor, a criminal or malicious insider or a credential thief. Credential thefts include unlawfully obtaining an organization’s sensitive passwords. While insider threats have increased across all three profiles, insider threats triggered by careless or negligent employees are the most rampant, the report said.
About 56% of incidents experienced by organizations represented in this research were due to negligence, and the average annual cost to remediate the incident was $6.6 million. Malicious insiders, that is employees or authorized individuals who use their access for harmful, unethical or illegal activities, caused 26% of the incidents. The average annual remediation of these such incidents was $4.1 million.
Further, the report said that at an average of $804,997 per incident, credential theft is the costliest to remediate. The average annual remediation cost was pegged at $4.6million.
Although resilient cybersecurity is the key concern amidst rapid digitization, organizations’ boardrooms are still not attaching the required significance to it. A report from the World Economic Forum (WEF) last week, noted that Chief Information Security Officers (CISOs) do not agree that cyber resilience is built into the methods and processes enterprises use to manage risks — called enterprise risk management strategies — even when chief executive officers (CEOs) claim otherwise.
While 92% of business executives surveyed in that report agreed that cyber resilience is integrated into enterprise risk-management strategies, only 55% of security-focused leaders surveyed agreed with the statement.
Around 84% of respondents said that cyber resilience is considered a business priority in their organization with support and direction from the leadership, but a significantly smaller proportion (68%) sees cyber resilience as a major part of overall risk management. As a result of these skewed interests, several security leaders say that their opinion is not sought in business decisions that result in security threats. This lack of alignment between leaders can lead to firms being at risk, the report added.
“Leaders' focal objective must shift to bolstering cyber resilience, fostering the ability to detect and manage disruptions. Essentially, if an organization wants to thrive in this hyperconnected world, there is no room for complacency in cybersecurity,” Cisco’s Raman said.