09/01/2015

By Heath Davies, CEO, Clearswift


Although hacker gangs and nation-state attacks steal all the cyber security headlines, the most frequent security incidents are caused by people within an organisation, and these are often overlooked. Our survey showed that 58% of cyber threats were coming from inside the organisation rather than outside. Meanwhile, PwC’s Global State of Information Security Survey 2015 found that the most cited culprits of data breaches are those within an organisation’s four walls, whether accidental or malicious.

A company’s employees are potentially its biggest threat, but this is an issue that is often overlooked. It’s not really an issue that boards like to address, but it’s an area that needs to be addressed. So how can organisations spot these enemies within? What do they look like, and how can organisations best protect themselves?

While both external and internal attacks ultimately lead to data ending up where it shouldn’t, the difference is that the enemy within is not necessarily malicious. Sometimes it’s just someone who unknowingly opens an infected email attachment and lets an advanced persistent threat into the organisation. It could be an employee who accidentally sends the wrong document to the wrong client or a trainee who accidentally shares the wrong document with the wrong person. These actions are not malicious, but could result in a breach. This risk is always there no matter how diligent employees claim to be.

On the other hand, there is the insider who will actively try to undermine the company for their own gain – for example, leaking IP or stealing employee bank details. These individuals can be very tricky to spot, and countermeasures can be very hard to implement.

The insider threat takes many forms, but it ultimately revolves around the unsolicited movement of data. Therefore, protection has to centre on monitoring that data and preventing it from reaching unauthorised parties. An information governance scheme needs to be set up which prevents data from being accessible and sharable by unauthorised people. This needs to be backed up by technology – for example, an adaptive data loss prevention solution which can prevent any kind of data leak, while not obstructing workflows.

Ultimately, not all information has equal value. Understanding who can access it, who can share it and where it is held can help shape security policies to stop data loss before it happens and effectively minimise the risk caused by the enemy within.