11 Dec 2019 by Mike Weaver
Integration: The Final Step in Change Management
The final step in successful change management is the Integration stage. Here’s how to bring everything together. Watch now.
The term ‘Insider Threat’ sounds pretty scary, evoking the idea of evil employees, bent on personal revenge or company-wide destruction. While this can be the case, the term also refers to any individual, technology or process that has the potential to pose a threat to your organisation – whether intentional or not.
Whether benign or malicious, insider threats pose one of the largest risks for organisations – especially when it comes to data loss. According to details released by the British Information Commissioner’s Office, ‘human error accounted for 62% of data loss incidents reported to the ICO’. This seems to be even higher for cloud services, due to the flexible, customisable nature of the solution – in Gartner’s 2015 IT predictions, they proposed that by ‘2020, 95% of cloud security failures will be the customer’s fault’, elaborating that the ‘characteristics of the parts of the cloud stack under customer control can make cloud computing a highly efficient way for naive users to leverage poor practices, which can easily result in widespread security or compliance failures.’
Let’s look at some examples of what this Insider Threat can look like in practice.
Examples of data loss caused by user actions
How often do these types of events occur?
According to research by the Ponemon Institute, (The Risk of Insider Fraud, second annual study), ‘on average, organisations have had approximately 55 employee-related incidents of fraud in the past 12 months.’ In addition to this, 23% of organisations in the study claimed that ‘insider fraud incidents existed six months or longer before being discovered and 9% could not determine when they occurred.’ The second statistic is particularly concerning. If your organisation does not have a system in place to detect when potential incidents have taken place, then there is no way of telling whether data loss is occurring in your organisation, what information has been lost or appropriated, and what the risks or damage could be.
While organisations seem to spending more and more on security technology to protect against external threats, it is much more challenging to create a comprehensive strategy for safeguarding against internal threats. Achieving the balance between protecting your environment, and enabling your staff to perform effectively and unhindered is no easy task. The best way to begin creating this balance is often through policy creation for permissions and access levels, but this is a preventative measure – what happens if your threat has already transformed into an incident?
What is the real cost of Insider Threats?
The cost of data loss varies depending on the type of information lost (was it sensitive, confidential, damaging?), the quantity of this information, and the inherent value to the company, stakeholders, and individuals who have managed to get their hands on it. It can also depend on how the information is lost. If a careless user has deleted an important document, the only cost might be the system to detect this issue, and the time and resources involved to recreate it. An accidental external email containing confidential information may be far less damaging than the same act with intent. There is no universal sum that can account for the financial cost of data loss as a whole, however a survey by Securonix found that on average in 2015, ‘insider attacks cost companies about $144,000 per incident’. When you compare this figure to the frequency at which these events take place, the total annual cost of insider threats has the potential to be huge.
Then there’s the cost to your organisation’s reputation. Data leaks from insider sources are just as liable to contain customer data or financial data as they are confidential company information. Perhaps one of your Sales team is moving to a competitor and decides to download a full customer list to take with him. Or maybe an individual is willing to sell customer account details and passwords to the highest bidder. Compensation, loss of business, and damaged brand trust can be extremely costly. No organisation can afford not to spend sufficient time or investment on their security practices, permissions and policies in order to prevent these incidents form occurring.
That’s the potential cost. What can you do about it?
There are three ways you can secure your environment against insider threats.
Need to rethink your insider threat prevention strategy? You can find out more about Discover & Audit here, or sign up for a free 14-day trial.
Cogmotive is the leading global provider of enterprise level reporting and analytics applications for Office 365. Find out more now.