When the cyber security threat comes from within

November 9, 2015

As cyber attacks are appearing more regularly in news reports, organisations are slowly coming around to the fact that it has become a case of when they will be targeted, not if.

Threats are evolving at a rapid pace. Not only are they getting more sophisticated but they are increasingly entering the corporate network via different means of attack.

While organisations have traditionally been more fearful of external threats to their confidential documents, the threat posed by insiders is an equally serious matter.

While the insider threat may be making its way up the corporate agenda, what is not clear is how organisations are dealing with corrupt employee activity.

Here at LogRhythm, a recent workplace security survey we conducted in Australia found that nearly three-quarters of workers believe the greatest threat to data security is employee-related, due to staff downloading infected files or malware, or simply not thinking about security.

Stealing data

The extent of data security exposure that Australian organisations are facing can be seen when relatively small overall percentages are extrapolated into real numbers: the 12% of respondents who admitted to having accessed or taken confidential documents from their workplace without proper authority potentially equates to 719,000 employees across Australia.

Of great concern, too, is that from that group of respondents, 7% accessed those documents after they had stopped working for the company – the main reason being to help them in their new job. This is a very real example of lost confidentiality and IP.

Yet, despite this growing awareness, there is still a stark lack of understanding when it comes to having systems in place to protect corporate data from employees. While 95% of managers say that their company ‘is serious about the security of information’, the reality is that 42% of employees don’t have, or aren’t aware of, systems such as passwords and IT checks to stop their unauthorised access of data.

It’s undoubtedly a continuous struggle for many organisations to protect their networks from both internal and external threats, but every business needs to ensure it is doing everything it can to stop its data falling into the wrong hands.

Logic would suggest that as organisations come to recognise the potential security threat employees can pose, they would increase their defences. Unfortunately, this doesn’t seem to be the case.

The discrepancy between organisations’ growing security concerns and what they are actually doing when faced with an insider threat suggests that they still have very little idea of what is happening on the network or the repercussions failed security can bring.

In fact, a third of businesses in the UK cannot even say whether or not their organisation has ever suffered a data breach – knowing that really should be the bare minimum.

Vital visibility

Organisations need to make sure they have full visibility of everything that is happening on their network so that they can spot any questionable activity as soon as it occurs.

Part of the problem is that many businesses believe that they are adequately protected from today’s threats by just having point security solutions, such as antivirus and firewalls, in place.

While there is no denying that these tools still have their merits, on their own they simply cannot protect against today’s sophisticated attacks – in particular with regard to the insider threat.

Without the ability to know exactly what is happening on the network and understand what ‘normal’ activity looks like, employees could potentially remove data from the organisation and remain undetected for some time.

Ultimately, organisations are beginning to realise that the insider threat can prove to be just as big a danger when it comes to data theft as those on the outside. However, actions to mitigate this threat are slow in catching up.

With business productivity increasingly relying on a strong security strategy, it’s imperative that organisations focus on monitoring illicit access, not just from the outside, but also within their own walls.

Only by having continuous insight and being able to recognise any anomalous activities will organisations be able to provide adequate network protection – from both internal and external threats.
