Category : Threats

Three reasons your own people are more dangerous to your business than hackers – Insider Threat

Insider Threat to your Business

Who poses the biggest cybersecurity risk to your business? If your first thought was a Kremlin cyber-warfare unit, or a dark-web king-pin, you are wrong. The most likely source of a data breach at an SME is one of its own employees aka the insider threat.

According to recent research 54 per cent of breaches at small and medium-sized businesses come from an employee or contractor’s negligence. The number, alarmingly, had increased from 48 per cent when firms were asked the question a year earlier.

If you add in the 7 per cent of breaches that are caused by malicious insiders, then 61 per cent of all data breaches come from people on a company’s own payroll. That is almost double the number that are caused by hackers, who account for 33 per cent.

In reality the number which originate from employees could even be higher – in an astonishing 32 per cent of cases firms said they couldn’t even determine the root cause of a data breach. That is arguably the most disturbing statistic of all. If you don’t know how your data leaked, how can you protect yourself in future?

SMEs were asked: What was the root cause of data breaches at your company?

Graph showing the insider threat

Source: Ponemon Institute LLC. Respondents could choose more than one answer.

how do employees cause breaches?

Those numbers might surprise you, but in our experience they ring true. So how do employees cause breaches? Generally, there are three ways.

The first is carelessness. There’s a hundred ways to lose a laptop. Someone can leave it on a train or in a pub, and if the password is easy to guess it can be a goldmine. Once a thief is in you can be certain that he’ll strip it of every bit of data he can – emails, passwords, addresses, dates of birth. Given that he’s already nicked a laptop, he probably won’t hesitate to flog the lot to a fraudster.

The second is being too trusting. On their private email people are always on their guard for phishing emails. But work ones? The company’s systems will filter out anything dodgy, won’t they? It is because people make this assumption that phishing attacks from work emails are so successful. Once they are in, fraudsters don’t exactly shout about it. We’ve all heard too many stories about high-turnover businesses who didn’t realise for months that money was being nicked.

The third common cause of data breaches is revenge. It’s far less common than a cock-up, but as I mentioned above, it accounts for 7 per cent of data breaches at SMEs. If a disgruntled employee decides to pinch personal data or mangle your CRM system, for example, the damage could be irreparable.

How can we help ?

It’s not too difficult to stop any of this happening. All you need are proper systems and training, but we see time and time again that SMEs decide that they can save money on IT security. That’s understandable, but the cost of not doing it properly could be far higher.

To talk to us about how to protect yourself from the insider threat and data breaches today by getting in contact with us here or calling 07958 545129

Cyber Security & Data Protection

If we were to ask you to define cyber security, what would you say? You understand the concept but need to know more?

The definition of Cyberspace is an electronic medium of digital networks used to store, modify and communicate information. Cyberspace influences and makes a big impact on our lives, our businesses and services. You would assume that your personal information in cyberspace would be secure and protected. We are all aware that isn’t the case in reality.

The UK government are making on-going transformations to protect UK citizens and businesses. They have a mission to protect people from threat actors that use data for inappropriate, malicious and illegal purposes.

Cyber Security plays a massive part in the private and public sector. From national security, the fight against terrorism, crime or industrial devastation for example. Cybercrime is an everyday occurrence. The risks of storing data in Cyberspace are huge but necessary and protective security measures should be taken.

Being Secure Online in Business

Security threats build and the government need to step up their game.  They are attacking the problem but is it enough? It’s not solely just up to the government to sort the problem. It is the responsibility of companies and us as a country.

Cyber Security is a topic that we should educate ourselves about. Who and what are we dealing with when it comes to cyber security and data protection?

  • The cyber space pirates – this includes hacktivists groups and terrorists. Their resources, accessibility and capabilities are huge. They have the ability to cause carnage on computer networks. Targeting the government, the military, businesses and individuals
  • Cyber space crime is an extension of normal crime. The difference is, the pirates don’t need to be in the location of the crime to do the deed. It’s a crime that can be free, cheap and on a massive catastrophic scale
  • The heartless pirates can use software (malware) to demolish cyber infrastructure. This could be as simple as taking a website offline or just damaging infrastructure. A process known as CAN (Computer Network Attack)

Businesses have a responsibility to their customers to keep their data safe, as well as to shareholders and investors to remain competitive in a global marketplace.

The new GDPR due to come into force in May 2018 will help tackle the data protection issues. **Insert a link to your GDPR articles. You could make reference to some key points. The government are trying to build a country where people know that there data is protected and they can move forward with confidence to use the internet.

How are the government going to deal with cyber security and data protection?

  • Attacking the problem and the source
  • Making businesses realise their responsibilities when it comes to data protection
  • The government will educate organisations so they know how to protect the data
  • A realisation that so far, the government’s effort to deal with the issue has been insufficient
  • Efficient cyber security risk management is vital
  • There needs to be compliance or there will be a fine!
  • There will be a regular review of the challenges
  • The government will get a better understanding of cybercrime and deliver programmes
  • They should be aware of the constant threat changes
  • Cyber insurance policies should be available to an organisation to cover them against a range of cyber risks