Cyberattacks are, most likely, an inside job

According to “The Federal Insider Threat Report,” published by MeriTalk, approximately 50 percent of federal agencies were targeted by inside threats in the past year. Forty percent were unintentional while the rest were malicious, resulting in unauthorized access to sensitive documents. Most important to note, however, is that one in three of these inside attacks were successful.

This type of breach—from the inside—is not limited to federal agencies; in fact, quite the opposite is true.

Case in point: Earlier this month, Morgan Stanley came to the realization that up to 730,000 account numbers were stolen from its database by an employee. Confidential information about customers was transferred to the employee’s private server in his home from June 2011 to December 2014. In other words, these activities went unnoticed for three years. This suggests that employers would be wise to implement a “trust but verify” model for monitoring how users access, leverage and distribute sensitive information within the enterprise.

Identifying an internal cyber attack can at times prove to be even more difficult than pinpointing an external hack. Many employees have access to important information as part of their role within an organization and they are generally not perceived as theft risks.

According to MeriTalk, 45 percent of federal agencies lack the capability to tell if a document has been inappropriately shared, and 34 percent cannot tell what data has been lost. The report goes on to conclude that many agencies overlook basic security measures and are in need of more real-time alerts. Simply put, federal agencies and private companies are struggling with real-time situational awareness and data monitoring.

All hope is not lost, though. There are strategies that companies can utilize in order to effectively avoid these kinds of inside risks, such as:

  • Developing and enforcing “need to know” policies
  • Keeping important information in digital safes or secure data repositories
  • Implementing content-aware, continuous monitoring programs (similar to Vulnerability Management programs but for sensitive data)

To achieve these objectives, organizations need the ability to monitor sensitive data sources and to implement an action plan when improperly managed data is identified. This includes incident and breach response, as well as a way to dynamically scale these capabilities as volumes fluctuate. In cases such as Personally Identifiable Information (PII) monitoring, the number of real-time alarms can quickly overwhelm traditional security and privacy response teams. Consolidating, triaging, processing and reporting on data usage violations can be a time-consuming endeavor, but it is a critical component of a robust cyber security plan and privacy program.

To see how automated security operations solutions, such as Swimlane, can help you better enable and improve your incident response, breach response and privacy programs, please contact us for a demonstration.

*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Cody Cornell. Read the original post at:
