While rogue employees, such as the infamous Edward Snowden, can be a corporation’s greatest fear, the reality is your employees are probably unknowingly your greatest threat. Better than 60 percent of security events are the result of an inside attack.
Of that group, about 80 percent are from inside people unintentionally compromising your company’s security. They don’t mean to, it’s just that the nature of their job gives them direct access to highly sensitive data. They may not be taking their own security as seriously as you’re taking corporate security.
It’s frightening how careless many users are about corporate security. For example, 40% of all users who have access to a corporate infrastructure use the same login credentials on other non-corporate sites such as Facebook, Twitter, and LinkedIn, said Schoenberg. That’s just one very common example, another is someone with authorized, but unapproved access. It could be an employee that’s authorized to have access to the network from 9am to 5pm, but then you see a single access at 2am. What exactly happened there is not clear, but it definitely would require further investigation.
To combat the unintentional insider threat, all organizations should conduct an audit of your internal team. Where could people be making the biggest impact? A smaller organization could begin a manual audit process, while a larger organization will want to use audit log management tool.
No comments:
Post a Comment