Organizations are investing in technology to ensure their perimeter defenses are not breached; however, it is also important to address the risk of insider data breaches. According to a recent report from Forrester, internal incidents were responsible for more than half of data breaches suffered by firms. Cybercriminals have stepped up their efforts and are attacking organizations with increased vigor, but the report suggests more than half of data breaches are caused by employee errors, oversights, and negligence.
Employees are under increasing pressure to get more work completed in less time. This can easily lead to errors being made or shortcuts being taken. Employees may be security minded most of the time, but it is all too easy for sloppy data security practices to creep in. Even with the most robust perimeter security defenses in place, simple mistakes can lead to disaster.
Email-Borne Attacks Are Still a Major Risk
During the past 12 months, the volume of spam email has fallen considerably. This is partly due to law enforcement taking down major botnets and the increasing use of efficient spam filters. Even with the reduced volume, the threat from spam email is considerable. The Forrester report indicates spam email volume has dropped from almost 89% of all emails in 2014 to 68% of emails in 2015. However, over 91% of all spam emails contain a malicious link and 2.34% contain malicious email attachments.
Cybersecurity awareness training has helped to mitigate the risk of insider breaches to some degree, but such breaches are still occurring. Most employees now know not to open email attachments from people they do not know, but what about from people they do know?
There has been an increase in business email compromise attacks in recent months. These attacks involve the sending of spam and phishing emails from within an organization. These emails are more likely to result in malicious email attachments being opened and links being clicked than emails from strangers. All emails should be treated as suspicious and should be carefully checked, not only those from outside an organization.
Employees are aware never to run an executable file that has been sent via email and to be wary of opening zip files from strangers. The Forrester report suggests that attackers are increasingly using standard office files to infect their targets. Microsoft Office files are used in 44.7% of attacks.
Employees who install unauthorized software are also placing their companies at risk. The use of shadow IT is behind many data breaches. Cybercriminals are exploiting vulnerabilities in the software installed by end users. Many of these programs contain serious vulnerabilities.
How to Address the Risk of Insider Data Breaches
Tackling the threat from within is more complicated than securing the defense perimeter, as it is far harder to prevent employees from making simple mistakes. Organizations must take steps to reduce the likelihood of mistakes being made, while also ensuring that when employees do make data security snafus, they do not prove to be catastrophic.
Some of the ways organizations can address the risk of insider data breaches include:
- Conducting background checks before hiring new staff
- Ensuring access to systems is terminated before staff are
- Limiting network privileges
- Blocking the copying of critical data onto portable devices
- Providing all new staff with data security training
- Regularly conducting refresher training sessions
- Conducting quarterly cybersecurity fire-drills to ensure training is not forgotten
- Sending regular email bulletins to keep cybersecurity awareness training fresh in the mind
- Sending dummy phishing emails to staff to test the effectiveness of training
- Scanning for shadow IT installed on user devices
- Ensuring bank transfer requests are checked by two individuals before being authorized
- Using a web filtering service to block phishing websites and limiting access to potentially risky websites
- Configuring a web filter to block the downloading of risky file types
It may not be possible to eliminate the risk of insider data breaches, but it is possible to effectively mitigate risk.