All organisations are vulnerable to insider abuse, errors and malicious attacks. These insider threats risk:
- Damaging reputation;
- Affecting operations and profitability;
- Exposing data; and
- Delivering valuable intellectual property into competitors’ hands.
Insiders can be current or former employees, contractors, or other business partners who have been granted authorised access to networks, systems or data. All of them can bypass security measures through legitimate means.
New report exposes major problem with employees snooping on the corporate network
According to a global survey of 900+ IT security professionals by One Identity, 92% of respondents said they have caught their employees attempting to access information that is not necessary for their day-to-day work.
Alarmingly, almost one in four (23%) respondents admitted this behaviour occurs frequently in their organisation.
More than one in three (64%) respondents have accessed sensitive information about their company’s performance, with executives and those in smaller organisations being more likely to do so.
This survey exposes a major snooping problem that needs to be addressed by organisations’ defence programmes.
Build a defence programme against insider threats
Alan Calder, founder and executive chairman of IT Governance, says: “Insider threat is a big part of the information security challenge that organisations face. In most cases, mistakes will be made unintentionally, but the underlying message is that in order to prevent these from happening, companies must educate staff, enforce effective policies and procedures, and manage access control.
“ISO 27001 should be the default standard that organisations turn to when addressing insider threat and other issues, and adopting an integrated approach to people, process and technology.”
Download our free green paper Information Security & ISO 27001: An introduction for more information on ISO 27001.
Steps you can take to implement a successful insider threat programme
October’s book of the month, Insider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within, is the ideal resource for anyone looking to learn how a security culture based on ISO 27001 can help mitigate the insider threat. Discover:
- Common characteristics of insider threat victims;
- Typical stages of a malicious attack;
- Steps you can take to implement a successful insider threat programme; and
- How to construct a three-tier security culture, encompassing artefacts, values and shared assumptions.