How cyber security professionals see insider threats
Whilst the popular view of hackers tends to be of outsiders, there's been increasing emphasis in recent years on the threat to enterprise data posed by those inside the organization.
Behavior analytics company RedOwl carried out a survey at last month's Black Hat conference, asking almost 300 security professionals for their views on insider threats, and the results are released today.
Among the findings are that almost half of respondents (47 percent) say their organization has experienced an insider incident within the past year. Nearly half also say that their C-level executives and board of directors are now concerned with insider threats. RedOwl attributes this to the impact of Snowden and other insider headlines, which brought attention to the problem at board level in the same way as Chinese espionage on US companies has focused attention on external threats.
One-third of respondents say the biggest impact of an insider breach is damage to brand and/or reputation. There's also concern about intellectual property loss (20 percent) and financial loss (18 percent).
The report’s authors conclude, "Today, we see two types of insider threat approaches. The first approach is 'insider threat heavy.' It takes a very intense, concerted effort characterized by a dedicated insider threat team and company wide effort. The second is 'insider threat light.' It equates insider threats with malware. In time, we'll see how many companies are evolving into the 'heavy' category. Although we trust (most of) our fellow employees, in the digital era there is simply too much opportunity for malicious or negligent activity. Whether intentional or unintentional, an insider leak is bound to happen. The questions is, how big?"
More information on the findings is available on the RedOwl blog.
Image Credit: Andrea Danti/Shutterstock