Ready to Start Your Career?
August 16, 2017
Why Insiders Are the Biggest Threats to Your Sensitive Data
August 16, 2017
By Stephen Voorhees, CISSP, Veriato The latest breach from an NSA contractor should remind everyone of a grim truism about leaks: the greatest threats to an organization come not from the outside, but from those within. Fact is, insiders pose a greater risk to your cyber security than the sum of all outside pernicious actors. It’s not that insiders necessarily have malicious intent. It’s that they may have system authentication privileges, as well as access to a variety of valuable digital assets—from your strategic plan and control systems to lists of customers and various accounts. That makes your precious data vulnerable. The producer of your web content is potentially a bigger danger than a cyber criminal operating half a world away. Why? That insider, whose job entails uploading content to the site for the eyes only of certain executives, say—or of time sensitive material—can release it early or to other parties with potentially disastrous consequences to an organization’s reputation or finances. Someone in payroll or human resources, with access to employee social security numbers and other personal data, can easily exploit this information for gain. The same is true for those who have privileged access to your IT systems. Let’s take a closer look at why insiders pose such a significant threat. According to a recent survey conducted nationwide:
- 70% of those whose jobs entail special access to sensitive data think they are “empowered” by their employer to look at anything on the system, even if it’s not critical or relevant to their work.
- 66% look at “confident or private” data just out of curiosity.
- 58% of organizations “are unnecessarily granting” access privileges to employees that don’t require them.
- 48% of phishing ploys from outsiders target insiders with system access.
- 46% of malicious intrusions deliberately hit such insiders in order to get access to their privileged credentials.