The insider threat is typically viewed as an action perpetrated by a malicious insider who is seeking retribution against an employer or engaged in a nefarious activity for profit. While these are certainly examples of how it often plays out, there is an entirely different side to the coin. As our CEO Christy Wyatt points out in her recent byline in Enterprise Times UK, the insider threat is frequently the result of human negligence, and one we should not lose focus on.
As Wyatt points out in the piece:
Ransomware, misinformation campaigns and attacks on critical infrastructure are the cyberthreats getting the most focus today. The attention is fitting. NotPetya ran up a world-wide damage bill of $10 billion. Daily, Facebook reports the detection and removal of accounts linked to foreign-influence campaigns. It is widely believed that attackers have infiltrated electric grids. None of these concerns should cause us to lose focus on one of the root causes of all security incidents and data breaches — negligent insiders.
But, just what is a negligent insider? According to Wyatt:
Insiders are employees, partners, contractors and other third parties who have legitimate access to networks. Negligent insiders are those who have no bad intentions but make errors that subject their organizations to security events.
And why, according to Wyatt, is it a problem to be taken seriously?
The total dollar amount of all damages caused by negligent insiders isn’t fully known. Several estimates say that negligent insider cases are costing public and private sector organizations up to $283,000 per occurrence, annually.
With awareness, organizations can begin to get a handle on how widespread the insider threat is in their environments. This is just a first step in remediation, though. To learn more about steps that can be taken to prevent insider negligence, read Wyatt’s full article: How to Address the Negligent Insider Challenge.
When Dtex EMEA VP Mark Coates opined that cases of insider bribery would escalate with GDPR enactment, who would have thunk that it would have been immediate? According to Kat Fazzini at CNBC, it’s happening inside some of the biggest corporations in the world, right now. In “There’s a booming job market for corporate insiders willing to share secret info with cyber criminals,” Fazzini writes:
Amazon said this week it’s investigating whether company insiders have been selling proprietary information to buyers in Asia in order to give them a selling advantage.
Many companies, especially in big technology, banking and telecom, face heavy incentives overseas for employees to sell internal information or access.
The problem is so common that in some jurisdictions, criminal enterprises post “job ads” looking for specific insiders to aid in targeted schemes.
This is an example of the “opposite” side of the coin discussed above, but an equally troubling one. How can an organization as massive as Amazon, with hundreds of thousands of employees, affiliates and partners, ever expect to get a handle on what everyone in its IT ecosystem is doing? While it is not an easy challenge to overcome, it is not an insurmountable one. There is a wide array of available technologies that massive, global organizations are using to open up visibility into what their most trusted, and not-to-be-trusted, insiders are doing. You can read more here about how the Dtex Advanced User Behavior Intelligence Platform helps to solve the problem.
This week in Washington
If you are going to be at the Forrester Privacy & Security Forum in Washington DC this week, remember to check in on Christy’s session. With a focus on a new approach to dealing with the insider threat, “The Trusted Insider Approach: How Enterprises Achieve Security, Privacy and Productivity,” Christy will present to the audience how the new generation of employee activity and behavior monitoring tools are producing intelligence that reduces risk without compromising user privacy. Her session will be at the Mayflower Hotel, Wednesday, Sept. 26, 11-11:30 AM PDT.
Among the nation’s biggest news this week was the release of President Donald Trump’s National Cyber Strategy. We haven’t fully digested the 40-page document. We will, over the next couple of weeks, take a deep look and report back to the security community on how we think it stands to strengthen the US’ overall cyber position. Initial reports are revealing that it is going to start getting even easier for the fed to commence offensive “hack-back” operations aimed at adversaries. The Hill and The Wall Street Journal both have comprehensive overviews.
The post 9/24/2018: Dtex, Insider Threat, Privacy News: CEO Christy Wyatt Tells Enterprise Times UK How to Handle Negligent Insider Threats, CNBC Reports Insider Bribery on Rise, Wyatt to Speak at Forrester Forum on new Trusted Insider Strategy appeared first on Dtex Systems.
*** This is a Security Bloggers Network syndicated blog from Dtex Systems authored by Dtex Systems. Read the original post at: https://www.dtexsystems.com/9-24-2018-dtex-insider-threat-privacy-news-ceo-christy-wyatt-tells-enterprise-times-uk-how-to-handle-negligent-insider-threats-cnbc-reports-insider-bribery-on-rise-wyatt-to-speak-at-forrester-fo/