Whether insiders or outsiders pose a greater threat to security is a matter of ongoing debate. According to Verizon’s 2018 Data Breach Investigations Report, 73% of cyberattacks were executed by outsiders and 28% of attacks involved insiders.
While it’s informative to look at the issue from a statistical perspective, numbers don’t tell the entire story. When asked, most cybersecurity experts will say that the insider threat is more serious because it’s harder to detect. If a user has legitimate access to a company’s files, it’s not easy to see if they may be using that access for illegitimate purposes.
Outsider risks are only slightly less serious. Because data is so valuable, a lot of money and resources are applied to hacking efforts worldwide. According to the 2018 report mentioned above, half of all breaches were the work of members of organized criminal groups, and nation-state or state-affiliated actors were involved in 12% of those.
Inside threats are hard to detect. Outside threats are well-funded, persistent, and always changing. Just as new technologies enable novel business applications and opportunities, hackers are leveraging emerging technologies to infiltrate company databases and spoof unsuspecting employees.
TOP RISK FACTORS FROM OUTSIDE
Here are some of the risk factors experts are most concerned about today. Note that many of these take advantage of new and emerging technologies, including blockchain, AI, and IoT devices.
- Weaponized AI: Hackers can poison data training sets or use intelligent chatbots to phish targets.
- Software vulnerability exploitation: Cybercriminals use known software vulnerabilities to gain access to company data.
- Cryptocurrency and blockchain attacks: Most hackers are after money, and blockchain is where currency is increasingly stored. Analysts expect blockchains to be a high-value target for hackers.
- IoT device exploitation: Increased use, coupled with the many known security vulnerabilities, puts IoT devices in the high-risk category.
HOW TO PROTECT YOUR DATA FROM OUTSIDER THREATS
Outside threat factors can seem overwhelming because of the sheer volume and scope. But you can do a lot to keep your data safe if you are vigilant, thorough, and security-oriented. If you focus on the 3 areas listed below, you will be well on your way to a strong security posture:
- Security management: Security auditing and awareness training
- Identity management: Strong authentication, encryption at all levels
- Data protection: Identifying your most critical data and using your best resources to defend it
THE 5 KINDS OF INSIDER THREATS
The reason insider threats can be more challenging than outsider threats is that they are difficult to detect. These people have legitimate access to data, so you must rely on usage patterns and stringent protocols to minimize your risk.
An insider threat can take many shapes:
- Someone looking to exploit data for extra income
- A departing employee who wants to cause problems
- An employee impervious to security awareness training
- Simple bad judgment and carelessness
Internal security threats can be broken down into 5 distinct categories, according to an article published by SecurityIntelligence:
Nonresponders: Staff members who are immune to security training. While these insiders don’t have bad intentions, their patterns of behavior can lead to security breaches. Studies show that people who have fallen prey to phishing campaigns in the past are more likely to get phished again.
Inadvertent actors: These insiders generally display good security behaviors and are compliant with policy, but they unintentionally cause breaches due to accidents, misjudgments, misconfiguration, and forgetfulness.
Hackers focus on the two categories above because they are an exploitable vulnerability.
Insider collusion: An example of insider collusion is two engineers who steal product plans and then quit to launch their own competitor enterprise. Additionally, cybercriminals have been known to recruit employees to steal information.
Persistent malicious insiders: Also known as ‘second streamers,’ these actors are looking for additional income and exfiltrate data in a slow and measured way to avoid detection.
Disgruntled employees: The last category of insider is an upset or unhappy employee who commits intellectual property theft or deliberate sabotage.
EFFECTIVE SECURITY MANAGEMENT
The best way to protect your data from insider threats is to practice good security management.
We recommend following these best practices:
- Implement access protocols and procedures.
- Use strong authentication.
- Conduct awareness training.
- Educate yourself on insider threat types.
- Work to mitigate human resource issues, such as low employee morale.
THIRD-PARTY SECURITY SUPPORT
The best way to really understand your level of risk exposure is to do a security audit. Companies with security concerns often seek support in the form of partnerships.
Security service providers can help with security, threat assessment, solution design, and monitoring. They work as consultants, extensions of your own IT department, and shore up areas such as security using the latest in technology and high-level expertise.
Put some distance between your organization and the risks of data security.
Learn more about Solutions II Data Security Services.