Welcome to this week's round of Weekly Cyber Awareness Tips. Since October is CyberSecurity Awareness Month, we would like to take advantage of this opportunity to inform you on current issues in the battle against cybercrime, since we know you're a company that takes this matter seriously. Therefore, the key focus this week will be "Insider Threats."
What Are Insider Threats?
An insider threat occurs when an authorized user, like an employee or business partner, exploits a vulnerability in an organization's network in order to steal confidential information.
How Common Are Insider Threats?
● The prevalence of malicious insider attacks and accidental breaches is viewed as higher than external attacks by 66% of businesses.
● 85% of security breaches involve the human element.
● Statistics on the prevalence of insider threats show that over 70% of attacks are not reported externally.
● There has been a 450% increase in employees circumventing security controls to intentionally mask online activities.
● Over the last two years, the frequency of insider attacks has climbed by 44%.
● Only 28% of firms use automation to monitor user behavior.
● 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of the intent of an attack.
Best Practices for Preventing Insider Threats
● Implement monitoring controls and practices.
● Adopt strict policies and procedures for managing passwords and accounts.
● Control and keep an eye on remote access from all endpoints, even mobile devices.
● Designate a clear authority for controlling and mitigating this risk associated with this type of threat.
● Understand and safeguard your essential assets.
● Identify and respond properly to any suspicious behavior.
● Perform enterprise-wide risk assessments.
● Implement strict password and account management policies.
● Include malicious and unintentional insider threats in the security training that all employees get on a regular basis.
● Set up ways to keep an eye on employees' actions and connect information from different data sources.
Thanks and stay safe!