Cyber security threats do not always come from the outside. Enterprise network security needs a 360-degree approach.
Hackers have become an unwelcome part of the modern business landscape. For the foreseeable future, we will be combating the negative impact they bring to modern society. We tend to think of hackers as an outside force, a Butch Cassidy and the Sundance Kid: they gallop into town, rob the bank and leave. It’s easier to think about breaches that way than to think about how many times cyber security threats come from within.
Data breaches are caused by internal employees 43% of the time, according to a study by Intel. Half of those breaches were unintentional. Half were not.
Tara Seals, of Infosecurity Magazine, wrote, “That’s a staggering amount of risk lingering inside organizations”.
We already have examples of internal breaches for January 2018:
- US Homeland Security: On January 3, 2018, Homeland Security told 247,167 employees that there was a “privacy incident” and that names, Social Security numbers and job roles had been breached. It was determined to be due to internal, not external, actors.
- Aadhaar: Also on January 3, 2018, Aadhaar’s billion-person database was reported compromised. (Aadhaar is an identification number issued by the Indian government and administered by the UDAI.) Former employees were determined to be responsible for the breach.
Both breaches originated from the inside.
There are many reasons an employee might decide to breach the data of their own company. Some are opportunistic and some are vengeful. Marc van Zadelhoff, writing for the Harvard Review, said, “Some steal competitive information, some sell data or intelligence, and some just have a vendetta against the organization.”
Some breaches are caused by employees who are well-intentioned but make mistakes. In the same article, Marc van Zadelhoff writes, “The riskiest of these are well-meaning IT admins, whose complete access to company infrastructure can turn a small mistake into a catastrophe.”
There are many ways an unwitting employee can end up on the wrong website or send a return email to the wrong person.
Whether through malicious intent or simple mistakes, employees are the biggest risk to an organization. While hardening external defenses against cyber crime, it’s important to harden internal defenses as well.
It’s time to change how we think about data breaches and focus on both sides of cyber security. Hackers can be external hackers or internal hackers. When all is said and done, the outlaw riding into town on a horse may not be as dangerous as the gossip on the corner.