Few concerns keep business leaders up at night like the threat of a cybersecurity incident. With the average cost of a data breach exceeding $4 million for the first time, and with public sentiment, regulatory requirements, and pragmatic capabilities entrenched against companies unable to secure their digital environment, many leaders are re-prioritizing cybersecurity in response to an increasingly pressing reality.
According to Gartner’s 2021 CIO Agenda Survey, cybersecurity is a top spending priority for 61% of leaders working to address rapidly changing risks and responsibilities.
When making spending decisions, leaders can optimize return on investment by focusing their efforts on internal threats, which represent a powerful cybersecurity threat to all organizations. This approach is part of this year’s annual Cybersecurity Awareness Month, which promotes #BeCyberSmart to strengthen companies’ defense posture.
There are four profiles that decision makers must address when making cybersecurity investments against internal threats:
1. Malicious Insider
Employees, contractors, and other trusted third parties compromise data and digital infrastructure for a number of reasons. Most notably, malicious insiders are motivated by money. Company and customer data is valuable on the dark web, where even amateur cybercriminals can easily and anonymously gain privileged access.
Meanwhile, some trusted insiders will steal company data, trade secrets and other useful information. This could help them get a new job in a competing organization or gain leverage for financial payments. When employees are frustrated, dissatisfied, or uncertain, they can become malicious insiders who put critical data and digital infrastructure at risk.
The recent epidemic has further deepened these challenges, as economic uncertainty, teleworking, and mental health strain put pressure on the trusted insider.
2. Accidental Insider
Of course, not all internal threats act maliciously. An estimated 85% of all data breaches involve a “human factor,” and only a fraction of the violations are intentional.
For example, employees inadvertently compromise company data by mis-deploying technologies such as laptops and smartphones that store reports of sensitive information. Accidental insiders can also create data privacy incidents by misdirecting e-mail messages containing company or customer data or by sharing information with people outside the organization.
Accidents are inevitable, so businesses must adopt cybersecurity solutions that address these emergencies.
3. Ignorant Insider
Most employees don’t put cybersecurity and data privacy first in their day-to-day responsibilities. They don’t truly understand or audit the impact of a data breach, and even if they identify a threat, they don’t know how to respond to it.
This is especially true of phishing scams, which greatly increased during the epidemic and continue to plague organizations of all sizes and across industries.
But ignorant insiders aren’t limited to phishing scams. According to one survey, 61% of employees failed a basic cybersecurity quiz. The average company devotes 5% of its IT budget to staff training.
Businesses need to ensure that their employees understand the broad nature of today’s threat landscape and have the tools and strategies to protect their data and digital infrastructure.
4. Careless Insider
Unfortunately, some employees are careless, failing to follow even the minimum best practices for the digital hygiene that keeps everyone’s online environment safe.
For example, “123456” and “password” continue to be two of the most popular passwords, despite their obvious security flaws. Similarly, 35% of people never change their account passwords, even after a data breach notification, which often gives threat actors front-door access.
At the same time, sensitive data is at risk when employees do not use even basic cybersecurity tools such as multi-factor authentication or VPN services.
Where do we go from here?
Going forward, organizations should consider insider threat prevention as an integral part of their overall cybersecurity strategy. It starts with gaining insight into employee digital behavior on corporate devices so IT teams can detect, prevent, and contain all types of insider threats.
Responding to internal threats is not just a matter of software. It is essentially a human-centric, comprehensive, top-down imperative. The costs and consequences of cybersecurity failures are enormous, so businesses would be wise to invest in organizational values, actionable processes, and security solutions that keep corporate data and digital infrastructure safe from internal threats in all their forms.
This article was originally published in Forbes. Reprinted with permission.