When security incidents originate within the organization, whether through malicious intent or negligence, these incidents are considered as coming from “insider threats.” A recent IBM Security Study, “The Cost of Insider Threats,” indicated that 77% of these threats are related to employees accidentally sharing information (either through negligence or theft). The study included 204 companies with 4,716 insider incidents and placed an average annualized cost of $7.37 million on these incidents. While these costs may not reflect what a small or medium-sized business might experience, the bottom line is these incidents result in significant expenses to the companies that are attacked.
The frequency and sophistication of cyber threats continue to grow, with Cybersecurity Ventures’ “2019 Official Annual Cybercrime Report” calling cybercrime “the greatest threat to every company in the world” and predicting “cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.” Cyber criminals are relentless, leading many to say, “it isn’t if you will be breached but when.” While many may think that they aren’t a target for cyber crime, the fact is hackers don’t discriminate based on company size, industry or any other factor. Large companies that might seem like obvious targets tend to be better funded and have greater expertise on staff to combat cyber crime than small-to-midsized companies. This doesn’t mean they aren’t vulnerable, only that the success rate of attacks may be lower. Much like baseball, a home run (hacking into a large company) may be exciting and get lots of exposure, but lots of singles (hacking into small-to-midsized companies) still result in winning the game.
Cybersecurity has gone from being a passive activity to a top-of-the-agenda topic with management, ownership and the board of directors. These threats have direct costs to companies in terms of financial losses related to remediation and ransom payments but also have the potential to adversely impact public perception of the organization, possibly resulting in lost customers and business.
What makes stopping these criminals so difficult is that they attack the organization from all angles. While one contingent is taking a direct approach, banging away on your firewall looking for a weakness, another is focused on trickery targeting your most vulnerable assets: your people. People that have been with your company for years, people that you trust, people that are dedicated to the company and just want to do the right thing. Cyber criminals leverage emails and phone calls to get these unsuspecting people to inadvertently share user IDs and passwords that can be exploited to gain access to your network.
But how do you reduce the instances of insider threats when many, per the IBM study, are accidental rather than malicious? The answer is through the implementation of employee training, security tools, processes and procedures designed to reduce risks. Here are a few areas where you should focus:
- Help your employees understand why they should care about cyber threats. The harsh reality is some companies that fall victim to a cyber attack go out of business.
- Provide training to teach employees how to identify suspicious communications (email, phone, U.S. mail, etc.) and what to do when they think they are being targeted.
- Implement security tools such as email filtering to reduce the number of nefarious communications that make it to the employee desktop.
- Develop processes and procedures to ensure that systems are updated with the latest patches, strong passwords are in place and that they are frequently changed.
By taking some of these steps, you can increase awareness of cyber threats within your organization, thus reducing risk.
If you need expert advice, Racksquared Data Centers can help. Contact us at 855-380-7225 or firstname.lastname@example.org to schedule an onsite assessment where we can look at your environment and give you a quick evaluation of your risk factors.