The risk of insider threats compared to outsider threats is an ongoing debate, though more companies are taking notice of the risks that insiders can pose to the company’s data security today than in the past. Historically, the data breaches that make the news are typically carried out by outsiders. While these breaches can cost hundreds of thousands of dollars (often millions more), outsider threats are generally the threats that have been addressed with traditional security measures. It’s the threats that originate from inside that are much more difficult to prevent and detect using one-size-fits-all security measures.
Just one of the reasons that insider threats are more difficult to prevent stems from the fact that insiders don’t always threaten the company’s data security intentionally. In fact, many data breaches resulting from insider threats are completely unintentional. To combat these risks, as well as the insider threats originating from those who do have malicious intent, a holistic approach to security is essential in the modern threat landscape – one that adequately addresses not only insider and outsider threats, but effectively manages both unintentional and intentional threats posed by those within your organization.
To gain more insight into the threats posed by insiders vs. outsiders and how companies can effectively mitigate these risks, we asked a panel of data security pros to answer this question:
“What’s more of a threat to a company’s data security: insiders or outsiders?”
Find out what our experts had to say below.
Full article here via Digital Guardian: https://digitalguardian.com/blog/insider-outsider-data-security-threats
Meet the experts: Spencer Coursen @spencercoursen
Spencer Coursen is the President of Coursen Security Group. He is an expert security advisor, threat assessment consultant, and protective intelligence strategist who is dedicated to reducing risk and preventing violence. His systems and strategies help corporations, non-profit organizations, schools, and at-risk public figures ensure the certainty of safety for all involved.
“According to a recent report, 58% of all security incidents can be attributed to…”
Insider threats. The most significant obstacle for a company to overcome is employee complacency. In most corporate environments, upwards of 80% of employees are unable to articulate any real understanding of IT-security related issues and are most likely to introduce a virus through an NSFW download, accept malware through a phishing exploit, introduce a corrupted mobile device (BYOD) to the corporate network, or engage in some sort ofinadvertent human error which may result in a threat to data security (not updating security settings, using simple passwords, doing secure work on public wifi, etc.).
Outside actors take full advantage of these insiders’ vulnerabilities. This is exactly what happened with the Target data breach. In this example, the hackers stole the username and password of an authorized vendor. This gave them unlimited access the Target network without triggering any alarms or raising any suspicion.
Hackers are no longer breaking in through back doors which may trigger alarms. Today they are stealing the keys of authorized users and walking right through the front door.
Spencer Coursen is a nationally recognized threat management expert who has an exceptional record of success in the assessment, management, and resolution of threats, domestic and global security operations, investigations, policy authorship, and protective strategy.
Occasionally, some of your visitors may see an advertisement here