
Managing the insider threat

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 29 Mar 2017

ITWeb Security Summit 2017

Registration is already open for the 2017 Security Summit, with five international plenary speakers, the #SS17HACK launch, five training courses, and much more to choose from.

Internal actors are responsible for 43% of data loss incidents, and 32% of cyber security professionals say that insider crimes are more costly and damaging compared to incidents perpetrated by external adversaries. At the same time, 49% of businesses have not implemented a plan to deal with internal threats.

So said Keitumetsi Tsotetsi, cyber security risk assurance consultant at PwC, quoting PwC's 2014 US state of cybercrime survey. Tsotetsi will be presenting on 'The weakest link: Your network is only as strong as your weakest user', at the ITWeb Security Summit 2017, to be held from 15 to 19 May, at Vodacom World in Midrand.

She says insider threats are current or former employees, third-party partners, or contractors who have legitimate access to an organisation's network, system, or data and intentionally misuse that access to negatively affect the confidentiality, integrity, or availability of the company's information or systems.

Where we are going wrong

Speaking of where companies are going wrong in terms of the insider threat, she says there is not enough awareness given to employees and third parties about the repercussions of information misuse. "More accountability has to be placed on individuals as is placed on the organisation. Security awareness is communicated as an instruction as opposed to being communicated as a culture."

In addition, organisations are placing full reliance on technology and are not analysing human behavioural patterns. "The organisation's security risk management does not recognise insider threats as the material risk they are, and therefore not enough effort or control is put in place to mitigate that risk."

Tools and measures

In terms of the most effective ways of guarding against the insider threat, Tsotetsi advises companies to create a cyber-savvy environment where users are aware of the methods that attackers use. "Make security a culture and not an instruction."

She adds that, to understand behavioural patterns, it helps to become aware of changes in employee behaviour, which could be a result of personal financial difficulties, job dissatisfaction, interpersonal conflict or restructuring.

Keitumetsi Tsotetsi, cyber security risk assurance consultant at PwC.

"Organisations should implement formal insider-risk management mechanisms such as having identify, protect, detect, respond and recover mechanisms regarding insider threats as defined in NIST. In addition, ensure that users who have access to information, systems and data are authorised to have the information, and that due diligence is performed on third parties. Reliance is placed on third parties securing information once it is in their hands, therefore organisations must be sure that their third parties have the capacity and capability to protect their information."

Moreover, she advises organisations to provide effective security practices, and implement controls such as data and file encryption, data loss protection, and intrusion detection and prevention systems. It also helps to provide forums where employees can raise concerns in order to mitigate insider threats materialising as a result of disgruntled employees.
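The article argues for analysing behavioural patterns rather than relying on technology alone, and for detection controls. The following is an added example, not code from the article, PwC or ITWeb, of the simplest form such a detection control can take: a per-user behavioural baseline that flags a day whose download volume is far outside that user's own history, plus any activity outside working hours. The log format (`timestamp user action bytes`), the sample lines and the 07:00 to 19:59 working-hours window are all constructed assumptions; a real deployment would read from a DLP or file-server audit log and tune the threshold.

```python
"""Per-user behavioural baseline over constructed access-log lines.

Added example, not code from the article, PwC or ITWeb. The log format,
the sample data and the working-hours window are assumptions.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log. Assumed format: "<ISO timestamp> <user> <action> <bytes>".
# alice has a normal week and then one large download late at night.
SAMPLE_LOG = """\
2017-03-01T09:12:00 alice download 120000
2017-03-01T10:40:00 alice download 95000
2017-03-02T11:05:00 alice download 110000
2017-03-03T09:30:00 alice download 130000
2017-03-04T23:50:00 alice download 4800000
2017-03-01T09:00:00 bob download 50000
2017-03-02T09:10:00 bob download 52000
2017-03-03T09:20:00 bob download 48000
2017-03-04T09:15:00 bob download 51000
"""

# Assumed working hours: 07:00 to 19:59 counts as normal.
BUSINESS_HOURS = range(7, 20)


def parse_log(text):
    """Parse log lines into (timestamp, user, action, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), user, action, int(nbytes)))
    return events


def daily_volume(events):
    """Bytes downloaded per user per calendar day."""
    volume = defaultdict(lambda: defaultdict(int))
    for ts, user, action, nbytes in events:
        if action == "download":
            volume[user][ts.date()] += nbytes
    return volume


def flag_anomalies(events, zscore_threshold=3.0):
    """Return findings as (user, date, reason).

    The baseline for a given day is that same user's other days, so each
    user is compared against their own habits rather than a global average.
    """
    findings = []
    volume = daily_volume(events)
    for user, per_day in volume.items():
        days = sorted(per_day)
        if len(days) < 3:
            continue  # too little history to build a baseline
        for day in days:
            others = [per_day[d] for d in days if d != day]
            mean = statistics.mean(others)
            stdev = statistics.pstdev(others)
            if stdev == 0:
                continue  # perfectly flat history; skip rather than divide by zero
            z = (per_day[day] - mean) / stdev
            if z > zscore_threshold:
                findings.append((user, day.isoformat(), f"daily volume z={z:.1f}"))
    # Off-hours activity is a second, independent signal.
    for ts, user, action, nbytes in events:
        if ts.hour not in BUSINESS_HOURS:
            findings.append((user, ts.date().isoformat(),
                             f"off-hours {action} at {ts.time()}"))
    return findings


if __name__ == "__main__":
    for user, day, reason in flag_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{day} {user}: {reason}")
```

Both signals fire on the same user and day in the sample, which is the kind of corroboration an analyst would want before escalating; a single off-hours login by itself is usually noise, and the z-score alone says nothing about intent. The per-user baseline matters: bob's daily volumes vary a little but never leave his own range, so he generates no findings.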

Delegates attending Tsotetsi's talk will learn about the importance of understanding decision points and interactions that have an effect on information security, how to create a cyber-savvy environment, and how to manage the insider threat.
