Assessment & Compliance Tools For Every IT Professional
 

The Cyber Threat You May Be Missing

Back to Blog

15 Apr The Cyber Threat You May Be Missing

Posted at 11:23h in Cybersecurity by

Who poses the biggest threat to your clients’ cybersecurity? Is it the faceless lone hacker, hunched over a keyboard in a dark room? Is it a malicious competitor looking to sabotage? Or could it be someone who shares stories at the water cooler every day?

Big cyberattacks from external hackers make big headlines. And so, many companies take precautions and set up defenses to thwart threats from outsiders.

But many business leaders tend to overlook the threats that don’t make the front page- the ones that always smile and say good morning, the ones that brought in 11 new accounts last quarter, or the ones who bake cookies for every office birthday. The insider threats. Employees. Whether intentional or by honest mistakes, employees represent significant risk to their employers.

As an MSP, if your clients fail to acknowledge the profound threats that lurk within their own halls, use the persuasive talking points in this blog to help educate them. Understanding insider threats will help your clients realize the value of the services you provide.

Behind Their Own Doors

An insider threat is defined as: “the cyber risk posed to an organization due to the behavior of its employees.” There exist both intentional and inadvertent internal threats. The intentional threats are those who deliberately set out to steal or expose data or other sensitive data.

Most employees do not plan subterfuge; the majority of internal threats are unintentional, often born of carelessness or negligence. A 2019 IBM Cost of Data Breach survey revealed that 24 percent of all data breaches in the past five years were the result of negligent employees or contractors.

To Breach Is Human

Human error thrives in the workplace. We’re distracted with multi-tasking or in a rush to handle last-minute projects. Sometimes employees aren’t trained properly to handle data or simply aren’t aware of the dangers and cautions surrounding breaches. In an Insider Data Breach report, 60 percent of executives stated that they felt the major cause of internal breaches were employees who made mistakes while rushing to complete tasks. Another 44 percent felt a lack of general awareness as the second primary reason, and 36 percent cited lack of training for their organization’s security tools.

The Insider Data Breach Report also surveyed the mentality behind unintentional breaches from the employees’ perspective: 48% of staff felt they facilitated a breach when in a rush; 30% cited a high-pressure environment, and 29% stated they were tired.

Ways Employees Present Cybersecurity Risks

  • Lose company mobile devices, such as laptops and phones
  • Don’t password-protect devices or encrypt sensitive files
  • Access data and enterprise networks through unsecured WiFi connections
  • Store passwords on computer or mobile devices
  • Use weak passwords or one password for all access points
  • Open suspicious emails or click on infected links
  • Access company data on personal devices that don’t have antivirus software or firewalls
  • Accidentally send information to the wrong person

Cyber “accidents” happen. Just think of them like automobile accidents: roughly 7,277,000 auto crashes happen a year. Drivers aren’t out on the roadways with the intent to wreck, yet cars collide and people get hurt – sometimes because of road conditions, mostly because those at the wheel are distracted, in a hurry, or otherwise negligent.

Because insiders can cause substantial inadvertent cyber incidents, organizations must apply just as much effort to their internal security as they do for external threats.

Tips for Securing Data Against Insider Threats

  • Educate employees on cybersecurity best practices
  • Require strong passwords for all devices used to access company networks
  • Require file encryption
  • Employ two-factor authentication
  • Do not permit network access on unsecured WiFi connections

However, following these tactics isn’t a complete security strategy. Your clients should look to you as their MSP to bolster their security framework. MSPs can develop a full-spectrum plan that addresses often-overlooked internal vulnerabilities with automated monitoring and daily alerts of suspicious activity. You have an opportunity to show your clients and prospects how to guard against the threats from within.

References:

  1. Cost of a Data Breach, IBM, 2019
  2. Insider Threats: Root Causes and Mitigation Practices, tripwire, 2019
  3. How many car accidents are there in the USA per day?, The Brannon Law Firm, 2017
Tags:
, , ,