The reality of insider threats, in many cases, is that the damage is often due to negligence. Many of the experts interviewed here – from the CERT Insider Threat Center, Raytheon Cyber Products, Law & Forensics, Ernst & Young, Crescent Guardian Security and the SANS Institute – concur that many times these breaches are unintentional and due to errors and omissions rather than stemming from a malicious attack by a criminal employed – or contracted – by the company. Fact is, insider breaches are exponentially greater than the threats from outsiders.
Some estimates show that 25 to 35 percent of employees have “inappropriate access” to data, and experts recommend that companies have strong internal controls that assume an insider attack is imminent. The business side of the enterprise must understand the value of the data being created and assign proper protections accordingly. The bring-your-own-device (BYOD) trend also opens up a variety of new risks from insiders.
Click here to download this ebook on the insider threat.