Insider Threats: a Growing Menace

We’ve seen data breaches due to misconfigured databases, technical malfunctions, and a myriad of other causes including accidental disclosure or theft. Data breaches involving personal health information are on the rise, with many of these disclosures the result of an insider threat.

What are insider threats? The CERT Software Engineering Institute recently updated their definition of insider threat to the following:

Insider Threat – the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.

Given this updated definition, it’s no surprise that a report Intel in 2015 shows that 43% of data breaches involved insider threats, a number which has likely grown since then. A 2016 report by Verizon Enterprise highlights that out of 230 incidents involving insiders, 152 involved privilege abuse, meaning that the incident involved someone with authorization to access data for their specific job who used that ability to access information for reasons other than for their job. The report also highlights that while financial motives remain the most common for insider incidents, espionage as a stated motive has grown significantly.

The public sector is also taking a hard look at the best way to combat insider threats, particularly in the past several years with insiders such as Chelsea Manning and Edward Snowden sharing classified information with the world. Insider threats are difficult to detect and deter, because agencies must give individuals access to confidential information and privileged systems in order to do their work, but ensuring that workers do not exploit that privilege is quite the challenge. The Defense Information Systems Agency (DISA) is working on a roll-out of a new, comprehensive, IT services system for the Department of Defense, and is actively looking for a system to aid in combating insider threats. Other agencies are turning to behavioral analytics and big data in an effort to prevent and detect insider threats.

It’s likely that no single software system or management practice will completely eliminate the risk of an insider threat. Organizations will have to harness a holistic approach to security, including technical and management controls to prevent insider threat incidents.

temp mail - Which companies can you trust with your data?

What a fantastic resource! The articles are meticulously crafted, offering a perfect balance of depth and accessibility. I always walk away having gained new understanding. My sincere appreciation to the team behind this outstanding website.

zencortex reviews - Twitter, an Example of Transparency

This website has quickly become my go-to source for [topic]. The content is consistently top-notch, covering diverse angles with clarity and expertise. I'm constantly recommending it to colleagues and friends. Keep inspiring us!

cerebrozen - Twitter, an Example of Transparency

I truly appreciated the work you've put forth here. The sketch is tasteful, your authored material stylish, yet you appear to have developed some nervousness regarding what you intend to deliver next. Rest assured, I'll return more regularly, much like I've done almost constantly, should you maintain this upward trajectory.

Privacy and Technology News

Latest Privacy and Technology News

Insider Threats: a Growing Menace

Related

Share this:

Related