Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

Innocent insider threats: Defending against human error
Innocent insider threats: Defending against human error

Published : , on

By Adenike Cosgrove, Cybersecurity Strategist, International at Proofpoint

Insider threats are notoriously hard to detect. Keeping malicious attackers out is challenging enough, defending against those already on the inside is a different proposition entirely. An insider threat does not need to bypass as many defences, it may raise no suspicion and it can often go undetected. In fact,it takes an average of 77 days to spot and contain an insider incident.

All forms of insider threats are on the increase. Last year, insiders cost organisations $11.45m, up 31% on 2018.

While the consequences of such threats can be devastating, those behind the most common insider threat have no malicious intent. Almost two-thirds of insider incidents reported last year pertained to employee or contractor negligence. In other words, simply down to human error.

Negligent insiders come in many forms with many characteristics. What they lack is motive. And this makes them difficult to defend against.

As always, it’s better to prevent a threat than to detect one. The key is to remain pro-active. Identify common errors, ensure employees are adequately trained, and implement fail-safes where possible to mitigate inevitable human error.

Counting the cost of negligent insiders

An insider threat does not need malicious intent to cause substantial damage. Numerous global organisations have paid a heavy price for employee and contractor negligence. Some of the biggest breached have been triggered by a single human error.

Phishing remains a huge issue for cybersecurity teams. Over half of organisations experienced a successful attack last year, yet despite its ubiquity, only 61% of the global workforce are familiar with the term.

It only takes one employee to click on one malicious link to bring about a world of financial and reputation damage – as Sony Pictures can attest. The company spent $35m repairing IT systemsin 2014 after several high-level executives fell for phishing scams. The attackers leaked intellectual property and sensitive emails, as well as stealing over 100 terabytes of data.

The loss of a privileged user’s credentials, be it through phishing or any other means, can have a devastating impact. Once compromised, credentials can be used over sustained periods to access sensitive information, divert funds, cripple networks and much more.

Whatever the nature of an insider threat, the longer it goes undetected, the heavier the price. Those contained within 30 days cost an average of $7.12m while those that take more than 90 days to contain cost an average of $13.71m.

Are innocent insiders putting your organisation at risk?

All organisations are at risk of insider threats – particularly those caused by negligence. No matter the tools and controls we put in place, we’ll never eradicate human error. It’s part of each and every one of us. However, the bigger the organisation, the bigger the risk – and the more severe the consequences.

The number of insider threats experienced increases in line with headcount, as does the financial impact. Those with a headcount between 25,000 and 75,000 spent an average of $17.92m over the last year dealing with insider-related incidents, compared to $6.92m spent by those with a headcount between 500 and 1,000.

By far the leading risk factor as far as negligent insiders are concerned is knowledge and awareness, or the lack thereof.End-users across all job levels and industries are inadequately educated about common risks and their role in defending against them. This is down to a lack of continued and comprehensive training.

A reported 68% of executives and senior managementdo nothave a good understanding of persistent threats and how they can have a negative impact on organisations. Worse still, 60% do not understand that cyberattacks are an ongoing concern.

Defending from within

Fighting insider threats is a complex process. Particularly when the ‘attackers’ have no intention of carrying out an attack. Threats can be hard to define and harder to detect.

Any defence must focus on three key areas – your technology, your processes, and most importantly, your people.

All organisations need solutions in place to monitor user activity and flag any unusual requests and system access. Make use of tools and technology to limit access to sensitive information and to prohibit the copying or export of any such data.

This technology must be backed up with clearly defined, easy to follow processes regarding everything from device management to network access and acceptable use. Employees must be aware of the consequences of failing to abide by these policies.

Finally, equip your people with the skills and knowledge they need to protect your organisation. This is much more than a box-ticking exercise. Training must be continued and comprehensive.

If your employees do not carry out simulated attacks or regularly undertake in-person security workshops, your training is likely inadequate. If they fail to understand the threat posed to your organisation by negligence or are unaware of the role they play in defending against cyberattacks, then your organisation is definitely at risk.

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post