Data from the Ponemon Institute
and others confirms that business leaders are rightly concerned about loss from
threats posed by employees, partners and others with ‘insider’ access to their
Since 2016, Ponemon says, the average number of incidents
involving employee or contractor negligence has increased by 26 percent, and by
53 percent for criminal and malicious insiders. Equally disturbing is that, in
the past two years, the average number of credential-theft incidents has
increased by 170 percent.
What constitutes an ‘insider?’
In its far-reaching study on the topic, solutions provider
Better Cloud defines them as “a current or former employee, contractor, or
business partner who has access to an organization’s network, systems, or data
and is either:
(exploited by outsiders through compromised credentials.
(intentionally causes harm, either for personal or financial gain).
(well-meaning, but accidentally exposes sensitive information).”
Ninety-one percent of 500 IT professionals polled by
BetterCloud admitted to feeling vulnerable to insider threats. Business and IT
leaders can greatly reduce the specter of insider threats by working with a managed
service provider like TeamLogic IT.
There are some steps you can take in advance of contacting
outside resources. For example:
visibility into your workforce and contractors; get a holistic view
of who has access to critical data and systems.
users and vendors. Institute security awareness training and
mandate attendance for anyone with contact to sensitive information. Since more
than 60% of security incidents are traceable to negligent or careless employees
and contractors, such a program is more important than ever.
a response plan. Ponemon’s data shows the longer an insider
threat lingers, the more costly it gets. The average time to contain an insider
threat was 72 days, and only 16% of incidents were identified and contained
within 30 days.
Having an incident response plan in place, says Ponemon, is
“key to establishing a chain of command, making smart decisions, and resolving
issues swiftly. A good plan may also help keep you compliant with best
practices for notifying customers and partners in the aftermath of a breach.”
No business is immune to insider security threats. But effective detection,
prevention and recovery require specialized skillsets and tools, like those
available from TeamLogic IT. Contact us
today to make your organization safer and more secure.