In the wake of massive data breaches such as those at the U.S. government’s Office of Personnel Management, health insurer Anthem and retailer Target, an enterprise’s initial reaction might be to tighten the security around networks and data. However, you may be forgetting one critical component: the insider threat.
Nearly 72 percent of U.S. federal actions involving employee theft in 2014 involved small businesses – organizations with fewer than 500 employees, according to the 2015 Hiscox Embezzlement Watchlist. Within that group, four of every five victim organizations had fewer than 100 employees, and more than half had fewer than 25 employees.
Before November 2009 little attention was paid to the silent threat cultivating inside of the U.S. Army. That all changed when a common U.S. Army officer, Major Nidal Hasan, killed 13 soldiers and injured 30 others during a shooting spree in the morning hours of November 5, 2009, at Fort Hood, Texas. The significance of insider threats has been reiterated with the shooting at the Washington, D.C., Navy Yard, and the intentional crashing of a Germanwings jet into the French Alps.
"2013 was a gangbuster year for embezzlement in the United States, exceeding even 2012’s previous record pace,” says Christopher T. Marquet, author of The 2013 Marquet Report on Embezzlement, released in December 2014. “What is remarkable is depth, magnitude and frequency of employee theft in the U.S. economy. Vermont topped the list of highest embezzlement risk states in the nation for the third time in six years.”
Rapid growth in the volume of sensitive information combined with new technologies has chipped away at the effectiveness of traditional endpoint protections and network perimeter security.
Account information for approximately 900 Morgan Stanley clients was, briefly, available online. One employee has been fired so far in the incident, and an investigation is ongoing.
In July 2014 alone, 940,000 people in the Professional and Business Services industry left their jobs, according to the Bureau of Labor Statistics. The question is: How much power and access do those people still have over company data?
