In an effort to protect national security and intellectual property from foreign threats and bad actors, the Canadian government is setting new guidelines, effective immediately, that work national security considerations into funding criteria for university research.
According to a study conducted by Aberdeen and commissioned by Code42, data breaches from insiders can cost as much as 20% of annual revenue. Perhaps just as important, the study showcased that at least one in three reported data breaches involve an insider.
Over the last two years, ransomware has been, without a doubt, the hottest topic in cybersecurity discussions in both the cybersecurity community and the general population. Major attacks like the one on SolarWinds and against Colonial Pipeline have dominated headlines — and for good reasons.
The insider threat is not a new risk for security teams. And, in the wake of COVID-19 and the newly remote workforce, there has never been a greater need for organizations to better balance their efforts to defend against both external and internal threats.
The insider risk is real for every organization, though it looks different among each one. Here, we cover obstacles to getting the message out about insider threat as well as practical techniques to improving your insider threat mitigation.
According to the U.S. Department of Justice’s Office of Victims of Crime, workplace homicides declined between 1995 and 2015. Yet workplace homicides are not the most common form of workplace violence — simple assault is. Simple assault is defined by the National Crime Victimization Survey (NCVS) as an attack without a weapon that results in no injuries or minor injuries (e.g., cuts, scratches, black eyes), or any injury requiring fewer than two days in the hospital.
Determining the definition of insider risk to your organization is half the battle in mitigating the threat. The other half is more complicated, involving security culture, defined procedures and responses, and a little bit of technology.
Anyone with access to your organization — employee, contractor, former employee, etc. — poses a potential risk to the enterprise. So, what is insider threat; who should own an insider risk mitigation program within the enterprise; and most importantly, how can security leaders assess and mitigate the risk?
ThycoticCentrify announced new research that reveals more than half of organizations have been grappling with the theft of legitimate, privileged credentials (53%) and insider threat attacks (52%) in the last 12 months. In 85% of the privileged credential theft instances, cybercriminals were able to access critical systems and/or data. In addition, two-thirds (66%) of insider threats led to abuse of administrative privileges to illegitimately access critical systems and/or data.