Businesses Get Better At Detecting Insider Threats

The cyber security threat to companies from their own employees is on the rise, according to new research. Data security company Clearswift surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia and found year-on-year cyber security incidents are also on the rise generally.

Clearswift found companies are able to spot suspicious activity significantly quicker than two years previously.

Inadvertent or malicious threats from employees make up 42 per cent of incidents, up from the 39 per cent in 2015.

When looking at the extended enterprise, employees, customers, suppliers, and ex-employees, this number reaches 74 per cent, compared to 26 per cent of attacks from groups unknown to the organisation. In 2015, 33 per cent of attacks were carried out by unknown parties, so this proportion is falling, which may seem surprising given the recent swathe of high profile attacks, such as WannaCry, which affected over 230,000 computers.

Large-scale external threats are more likely to encourage companies to add cyber security to the boardroom agenda, with 29 per cent of UK businesses doing so in recent months.

“As GDPR approaches, every department in a business will need to recognise the potential security dangers associated with the data they use,” said Dr Guy Bunker, SVP Products at Clearswift.

“Businesses may fall victim to the frenzy around high profile attacks and organisations may be quick to look at threats outside the business but, in reality, the danger exists closer to home.

“The blurring lines between personal and work-based technologies has led to an unabated rise in the insider threat.

“A reactive policy of blocking technologies may prove futile as users will inevitably find a work-around. Educating employees about how to safeguard critical information, motivating employees to care more about the ramifications of a breach, and increasing investment in Data Loss Prevention tools are the biggest priorities needed to minimise the risk of internal security breaches.

“Being a responsible data citizen will also require organisations to look at the way in which partners or suppliers hold and share information, as breaches within the extended enterprise could also lead to heavy fines for the originating business.”

Although internal threats pose the biggest threat to most organisations, employers believe that the majority (65 per cent) of incidents are accidental or inadvertent rather than deliberate in intent; this remains unchanged over the past three years and highlights a critical need for better security education within most organisations.

This is particularly relevant, as most businesses believe their critical data predominantly lies in non-technical departments, such as finance (55 per cent), HR (45 per cent) and legal or compliance (43 per cent).

More than half of organisations (52 per cent) say they are spotting an issue within an hour, compared to only a third (34 per cent) two years ago.

BusinessCloud

You Might Also Read: 

Data Threat: Your Ex-Employees:

Directors Report January 2017. Cyber Security Checklist For Management (£):

 

« Russian Cyber Campaign Aims To Splinter US Voters
Social Media - 'Jargon-Busted' »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

TSUNAMI

TSUNAMI

The TSUNAMi center focuses on software and system security and how trustworthy software can be built from COTS software components.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

Aveshka

Aveshka

Aveshka is a professional services firm focused on addressing complex threats and challenges including Cybersecurity and Information Technology.

Bunifu Technologies

Bunifu Technologies

Bunifu Technologies is an Information Security and Custom Software Development Company.

CyberASAP

CyberASAP

CyberASAP provides expertise, knowledge and support to convert academic ideas into commercial products in the cyber security space.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

Corsica Technologies

Corsica Technologies

Corsica Technologies is recognized as one of the top managed IT and cybersecurity service providers. Our integrated IT and cybersecurity services protect companies and enable them to succeed.

TPx Communications

TPx Communications

TPx is a leading managed services provider offering a full suite of managed IT, unified communications, network connectivity and security services.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.

Credo AI

Credo AI

Credo have pioneered a Responsible AI platform that enables context driven, comprehensive and continuous governance, oversight and accountability of AI.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.