Partner content: The role of cyber negligence in insider threats

And how to fix it

clock • 3 min read
Partner content: The role of cyber negligence in insider threats

When IT leaders think about insider threats, scorned employees making off with intellectual property when they leave for a new job or workers stealing data for financial gain may spring to mind.

However, most incidents stem from carelessness rather than maliciousness.

According to research by Ponemon, 56% of insider attacks were caused by employee or contractor negligence or carelessness, costing on average $484,931 per incident. The research found that respondents are most concerned about credential theft, followed by malicious insiders and then negligent users, so may be underestimating the risk posed by human error.

New ways of working and new risks

Many employees who raise their organisation's insider threat risk may simply be trying to do their job. People rushing to finish a task or project who have access to sensitive data or IP can cut corners, or are unaware of the steps they should take to ensure their devices remain secure - meaning data is unwittingly stored in unsecure environments.

The rise of remote working has made mitigating the issue even more of a challenge. With employees increasingly moving away from their organisation's traditional security perimeters, accessing corporate networks using their personal devices, and moving from place to place, it is easier for data to fall into the wrong hands due to carelessness.

From leaving a device on public transport, to unwittingly clicking on a phishing email while distracted, or forgetting to install a vital update away from the watchful eyes of IT teams, this change in environment has introduced new vulnerable entry points and risks.

Not only does this risk apply to an organisation's own employees - it extends to contractors and employees in supply chains too.

Furthermore, the Great Resignation and ongoing tech skills shortage has meant that organisations may rush to replace talent, meaning onboarding and offboarding policies may not be properly followed. Carrying out these processes securely is important amidst a competitive job landscape, in which insiders may be more likely to try and take data to a new job.

In fact, recent research from Proofpoint found that of the 27% of UK survey respondents that changed job last year, 42% admitted to taking data with them.

Improving cyber awareness

While having the right tools in place creates a strong security foundation, if employees bypass security policies while carrying out their jobs or send data to unsecure environments, they are all but redundant. A people-centric approach to cyber security is therefore essential.

Promoting a culture of cyber vigilance requires regular training to assess employees' current level of security awareness, and identify areas for improvement. Regularly testing cyber literacy, without creating a blame culture, is also key to assessing the efficacy of a training programme and improving awareness levels.

For those that do not currently have a training programme in place, ensuring everyone in your organisation understands security protocols and the consequences of data loss, creating up-to-date Bring Your Own Device (BYOD) policies and establishing a means for employees to flag potential issues is a good place to start.

Technology and training in tandem

While important, training can go only so far, with even the most alert of employees capable of making mistakes while trying to do their job. The right technology is also needed to catch any security blunders that fall through the net.

Technologies such as data loss orevention (DLP), privileged access management (PAM), user and entity behaviour analytics (UEBA), and security information and event management (SIEM) can all help mitigate the risk posed by insider threats, both malicious and careless.

It is also important for organisations to implement a people-centric insider threat management (ITM) programme, suited to today's world of work. ITM makes it easier to see what information employees are accessing and how data is moving throughout an organisation, improving your ability to detect and respond to insider threats at speed and at scale.

As digital transformation and hybrid working continue to redefine organisations' security perimeters, a combination of both advanced technologies and a culture of cyber vigilance are needed to better identify and detect risky behaviour before data loss, downtime, or financial consequences can occur.

To find out more about the rise of insider threats, read the report

This post was funded by Proofpoint.

Related Topics

You may also like
ICO breaks silence on Bank of America fraud case

Legislation and Regulation

ICO breaks silence on Bank of America fraud case

Data regulator has maintained a 'no comment' policy for months

clock 11 April 2024 • 3 min read
The Righteous Moraliser - a new kind of insider threat

Threats and Risks

The Righteous Moraliser - a new kind of insider threat

The risk of insider threats has long been high on the agenda of information security professionals.

clock 18 October 2023 • 4 min read
Long Reads: A chance meeting cost this CIO £400,000

Security

Long Reads: A chance meeting cost this CIO £400,000

Betrayal, bewilderment and Bank of America

clock 02 October 2023 • 7 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Threats and Risks

Hackers launch brute-force attacks on business VPNs and more
Threats and Risks

Hackers launch brute-force attacks on business VPNs and more

The attacks rely on trial-and-error attempts to crack login credentials

Dev Kundaliya
clock 18 April 2024 • 2 min read
Palo Alto Networks patches 'critical' vulnerability under active exploitation
Threats and Risks

Palo Alto Networks patches 'critical' vulnerability under active exploitation

Volexity says a ‘spike in exploitation’ is likely

Kyle Alspach
clock 16 April 2024 • 2 min read
CISA issues emergency order on Microsoft breach by Russian hackers
Threats and Risks

CISA issues emergency order on Microsoft breach by Russian hackers

Affected bodies must take immediate action, agency says

Kyle Alspach
clock 12 April 2024 • 2 min read