When considering cybersecurity strategies for data protection, guarding against external threats is usually the first on the list. However, headline-grabbing cyberattacks account for only half of the root causes of data breaches, according to the 2020 Cost of a Data Breach Report released by the Ponemon Institute and IBM Security. The rest are due to internal security threats and system glitches.
The human factor is often the hardest to control and predict when it comes to data protection. Some companies invest in employee training in hopes that a well-educated workforce, aware of the financial and reputational consequences of data breaches, will be enough to increase vigilance and deter poor security practices. However, the truth is that, in many cases, organizations are only one careless employee away from a damaging security incident. There is also always the potential danger of malicious insiders and disgruntled employees who want to damage a company’s reputation or steal data on their way out of an organization.
But what are the most common insider threats that jeopardize a company’s data security? Let’s have a look at the five most prevalent:
1. Phishing and social engineering
Phishing and social engineering attacks have become two of the most popular ways hackers infiltrate a network and spread malware and ransomware. Although technically external threats, they rely on easy-to-scam employees. Cybercriminals trick insiders into revealing their credentials or clicking infected links or attachments by impersonating friends or other trusted sources or offering unexpected prizes from sought-after brands. Once inside, they can easily compromise network security.
While antimalware and antivirus software can help prevent phishing attacks by identifying suspicious emails, social engineering is best dealt with through security awareness training. Employees must be educated on how outside attackers may approach them and how they need to react when they receive suspicious requests. An understanding of social engineering is essential to prevent it. Know-how should also be put to the test to identify any potential weaknesses among employees.
2. Data sharing outside the company
Employees sharing confidential company data, such as intellectual property or information protected under data protection laws (for example, personally identifiable information (PII) or healthcare data), either publicly or with third parties outside the company, can spell disaster. This usually happens out of carelessness: Reply All is hit instead of Reply, information is sent to the wrong email address, or something is accidentally posted publicly.
These kinds of incidents are rarely helped by training as they represent human errors which we are all prone to. Specialized software like Data Loss Prevention (DLP) tools can help organizations keep track of sensitive data and ensure that its transfer, whether by email or other internet services, is limited or blocked altogether. Some DLP solutions like Endpoint Protector offer the option of setting up different permissions and security policies based on an employee’s department and working hours.
3. Shadow IT
The use of unauthorized third-party software, applications or internet services in the workplace is often hard to trace by the IT department, which is where the term shadow IT comes from. The reasons for the prevalence of shadow IT are fairly simple: employees use known applications for things like file sharing and messaging out of habit because they improve their efficiency and lighten their workload or are more user-friendly than company-authorized alternatives.
This is problematic because companies are, most of the time, unaware that this is happening, which creates a blind spot in their cybersecurity strategies. A further danger is the potential vulnerabilities of these third-party services, which can lead to data leaks or security breaches, as well as to non-compliance with data protection legislation, which can bring steep fines.
Shadow IT usually signals a failure on the company’s part to provide employees with the right tools to perform their tasks. Organizations should have an open dialogue with their employees to understand their technological needs and try their best to meet them. DLP tools can also help companies prevent employees from uploading sensitive information to these unauthorized services. By monitoring these attempts, they can reach a better understanding of shadow IT within their organization.
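The policy logic described in sections 2 and 3 (permissions by department and working hours, blocking sensitive uploads to unauthorized services, and monitoring the rest) can be sketched as follows. This is an added example, not code from the original article or from any DLP product; the policy table, domain names and sample transfers are constructed, and denying departments that have no policy is an assumption.

```python
import re
from datetime import datetime, time

# Hypothetical per-department policy: working hours and approved upload services.
POLICIES = {
    "finance": {"hours": (time(8), time(18)), "approved": {"files.corp.example"}},
    "engineering": {"hours": (time(7), time(20)), "approved": {"git.corp.example"}},
}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")    # US SSN layout
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate payment card numbers

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_sensitive(text):
    """Return the kinds of sensitive data found in the outgoing content."""
    hits = {"ssn"} if SSN_RE.search(text) else set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.add("card")
    return hits

def evaluate(department, when, destination, content):
    """Decide allow / report / block for one outbound transfer."""
    policy = POLICIES.get(department)
    if policy is None:
        return "block", "no policy for department"  # assumption: default deny
    hits = find_sensitive(content)
    approved = destination in policy["approved"]
    start, end = policy["hours"]
    if hits and not approved:
        return "block", "sensitive data to unapproved service: " + ",".join(sorted(hits))
    if hits and not (start <= when.time() <= end):
        return "block", "sensitive data outside working hours"
    if not approved:
        return "report", "unapproved service (possible shadow IT)"
    return "allow", "within policy"

# Constructed sample transfers (not real data): department, time, destination, content.
SAMPLES = [
    ("finance", datetime(2024, 3, 4, 10, 0), "files.corp.example", "Q1 summary attached"),
    ("finance", datetime(2024, 3, 4, 10, 5), "filedrop.example.net", "Card 4111 1111 1111 1111"),
    ("engineering", datetime(2024, 3, 4, 11, 0), "filedrop.example.net", "meeting notes"),
    ("finance", datetime(2024, 3, 4, 23, 30), "files.corp.example", "SSN 123-45-6789"),
]
```

The "report" outcome is what feeds the monitoring view of shadow IT: the transfer goes through, but the unapproved destination is recorded.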
4. Use of unauthorized devices
A lot of data protection policies focus on data transfers outside the company network over the internet and fail to consider another often used method: portable devices. USBs, in particular, have long been the bane of data protection strategies. Easy to lose or steal but convenient to use, USBs have led to some disastrous data breaches, such as the by now infamous Heathrow Airport security incident in which a careless employee lost a USB with over 1,000 confidential files, including highly sensitive security and personal information.
The easiest way to prevent these kinds of breaches is to block employee access to USB and peripheral ports altogether. However, there is no denying USBs’ usefulness in the workplace. For companies that still want to use USBs, there are safeguards that can be implemented to address these cybersecurity threats. Chief among them is enforced encryption of all files transferred onto USB sticks, combined with a trusted devices policy that allows only trusted devices to connect to a company computer.
5. Physical theft of company devices
In today’s increasingly mobile work environment, employees often take their work computers and portable devices out of the office. Whether working remotely, visiting clients, or attending industry events, work devices frequently leave the security of company networks and become more vulnerable to both physical theft and outside tampering.
Encryption is always a good solution to guard against physical theft. Whether it’s laptops, mobile phones, or USBs, encryption removes the possibility that anyone who steals them can access the information on them. Enabling remote wipe options can also help organizations erase all data on stolen devices from a distance.
Source: https://www.endpointprotector.com/blog/top-5-internal-data-security-threats-and-how-to-deal-with-them/