It’s quite evident that threats within an organization continue to be at top of all cyber-threats for businesses, often called as insider threats. These insider threats tend to increase when they all combine. The cloud, mobility, decentralization of IT, and shadow IT— and many more ways are there where people can put data at risk.
The study on organizational behavior reveals that negligent or unsuspecting employees are more dangerous than those who are nasty. The study found that 93% of employees were engaging in at least one form of poor data security.
Is only the IT department responsible for protecting the Data?
Not always. 27% of all respondents and 40% of IT professionals believe that there’s no harm to install applications without consulting IT department. This proves that IT professionals are not always the best data guardians and hence insider threats rise.
Similarly, IT professionals also tend to share same logins with multiple users, and thus maintain access to systems belonging to previous employers even after they leave the organization.
Risky behaviors of the employees and its fix
The simple and effective ways to address the some of the issues of insider threats are given here:
• Problem: Weak passwords. Solution: multi-factor authentication should be integrated.
• Problem: Credentials shared among employees. Solution: Integrate Single Sign-On or a team password where individual passwords alternative doesn’t work.
• Problem: Employees install apps without consulting IT. Solution: Make visibility into each device. Blacklist the apps that don’t meet the security standards.
• Problem: Employees still have data access even after leaving the company. Solution: Establish an exit checklist, revoke passwords /access, and delete data from employee devices.
• Problem: Mishandling email i.e. sending sensitive data to themselves or others or file sharing. Solution: methods like encryption, scanning of email, and network and cloud monitoring can be used.
Conclusion
Insider threats have become a big problem, but can be easily controlled when you’re aware of potential security holes. Companies can be strict with ongoing training, relevant policies, and layers of security technology. Businesses can choose ‘smart’ technologies that can help you quickly remediate security threats. These technologies extend visibility and offer alerts for unusual activity before they turn into data breaches.
Instant remedies should be triggered when a security breach happens. Enterprises should ensure stronger security controls against both sophisticated attackers and insider threats.
