Are you exposed to Insider Risks?
With so much focus on the risk of cyber-attack in recent years, awareness of good cyber hygiene practices has improved vastly. Whilst that might help reduce the risk of cyber-attack to your organisation, there’s still a huge gap that is costing companies millions of dollars every year.
It’s called Insider Risk.
So why should you be concerned? Because employee negligence is the biggest cause of loss or damage to organisations. This is something that can be avoided.
The US Cybersecurity and Infrastructure Security Agency (CISA) defines an insider risk as "the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities."
A recent benchmarking study of 278 organisations and 6,803 incidents conducted by the Ponemon Institute in the US revealed the following:
- 56% of incidents were caused by careless or negligent employees or contractors, 26% were caused by criminal or malicious insiders and the remainder were caused through credential theft.
- The annualised cost of negligence was USD6.6 million and the cost of criminal or malicious acts was USD4.1 million, however credential theft is the most costly form of insider threat. The total average annualised cost of insider threats is estimated at USD15.4 million.
- The average time to resolve damage from insider threats is 88 days, which has increased over the past year. The major costs are due to loss of productivity from business disruption and the technology cost of response and rectification.
- The frequency that companies are experiencing incidents has increased significantly over the past year.
With the risk of insider threats increasing and the largest proportion of incidents being due to negligent employees or contractors; companies need to take action to minimise their exposure to this type of threat. This risk is also being amplified by the increasing volume of workers transitioning to new jobs.
A loss of critical data due to negligence will typically occur from devices that are not secure or when patching and upgrades are not done in a timely manner. Your security policy is also an important element in protecting the business. Policies that are outdated, poorly written or not implemented and policed will increase the risk of an insider threat occurring.
Response to a major incident will require surveillance, investigation, escalation, incident response, containment and post-incident review. Many of the steps should mirror your cyber-response procedures, however you may require additional processes to effectively manage the human aspects of an insider incident.
Aside from the significant financial cost to rectify an insider risk incident, loss of data can result in business disruption, brand damage and legal action against the organisation.
Time now to ask the question in your company - are we exposed to insider risks?