As news about web hacking proliferates throughout online media circles, web attacks that stem from external resources are becoming more and more ubiquitous as we speak. Maybe it’s the simple thought of having unwanted outsiders snooping around our most intimate details is what really hits home, but the general public seems to correlate all web hacks as coming from the outside source. However, one overlooked fact about web hacking is that a good portion of it stems from internal sources–whether it’s due to internal negligence or an actual malicious intent. In fact, according to CNBC, 83% of IT decision makers reported experiencing a cyber attack with approximately 58% stating that their data breaches were believed to have been caused by an insider. This is a statistic that should not be taken lightly. There are many reasons why internal employees, those that we inherently trust the most, can also double as our most feared web hacker. Let’s take a closer look at why everyone should be aware of insider data hacks.
Why Does an Insider Data Breach Occur?
There are several factors at play when dealing with data exposure stemming from an internal source. One reason could be due to a more indirect or accidental nature. More specifically, negligence or failure to establish proper security protocols on behalf of employers and their respective employees can unintentionally lead to data exposure. According to the Open Forum by American Express, 36% of company data breaches are caused by employee mistakes. For instance, employees could very well send private company information, such as client or customer reference lists, to their personal emails, provide online account credentials to strangers, or leave online company data unattended, which can all lead to sensitive data exploitation. These insider related data leaks can be directly attributed to lack of oversight, accountability, and, more importantly, proper training from their employers.
Reuters once reported that Edward Snowden notoriously persuaded fellow NSA workers to give him their database login and passwords by telling them he needed their personal information to properly do his job as a system administrator. The classified information that he was ultimately able to gain access to became the basis of his online Government data leaks to the media. This is a prime example of how once this information leaves the company network or premises, it is fair game. Let’s say, for example, an employee begins transferring company data to their email and then subsequently becomes a victim to a hacking attempt. Not only would this employee face the uphill battle of dealing with exploited personal data, but their employer has unknowingly lost valuable private data, such as trade secrets, partnership information, or, even worse, private customer data. This is why an insider data breach can be so difficult to mitigate since these so called data breaches happen behind closed doors. The only saving grace from an external cyber attack is that the ramifications and negative consequences are so noticeable. However, insider data breaches, especially due to negligence or complacency on both parties, can be a difficult situation to overcome. Companies need to be more cognizant of these procedural failures and must place a higher priority on employee cyber security education.
As stated above, one way that insider data breaches can occur could be through more accidental means. However, insider threats can also be caused by intentional or malicious attacks from your very own internal employees who are also known as rogue insiders. The Ponemon Institute, an independent research center dedicated to privacy, data protection, and information security policy, conducted a study in conjunction with Symantec Corporation and discovered that 59% of ex-employees admitted to stealing confidential company information with 61% of these respondents stating that they had an unfavorable view of their employers. The direct correlation between a disgruntled employee and an insider hack attack is undeniable. To put it simply, an unhappy employee with too much administrative access to sensitive data is a recipe for disaster. What companies need to understand is that they should not only look for alternative ways to make their employees happy, but to also correct the root of the problem, which is user access to company information without restrictions or preventative measures in case of data leakage.
Rogue insiders are just as, if not more, dangerous as any other external web hacker. These are the employees we see and work with every day. We’ve built relationships with them, we know them, and they are the ones we trust the most. But once rogue insiders take the turn for the worst and begin executing malicious activity with your company data, this can be a particularly alarming situation. These disgruntled workers can stealthily post company secrets or even sell user data to competing firms in order to make a quick profit. The key is to teach employees that company information and data must be held confidential at all times. There needs to be a clear distinction between having access to pertinent files and having ownership over those said files. Furthermore, employees must understand that suspicious activities and behavior should not be subject to privacy requirements if conducted on company owned property and/or computers. This is a preemptive measure to help deter any malicious activities from rogue insiders.
Tips To Protect Against Insider Threats
Being aware that web attacks aren’t always from external sources is a good first step in properly securing your company and its sensitive data. In order to safely protect against both types of insider threats as outlined above, companies should follow these helpful tips.
1. Provide Proper Information Security Training
Employees must know and respect the fact that all company data is to be kept confidential. Frequent information security training can provide a good foundation for company employees to be aware of any potential data exposure vulnerabilities and to know what is ethically right and wrong. As stated earlier, a lot of data breaches can also be caused by negligence or employee accidents that lead to exploitation of data. Providing regular training and promoting information security awareness can help limit these issues from happening in the first place.
2. Establish Data Access Protocols and Procedures
Having knowledge of all the users and their access rights to sensitive data is a must. Access to internal data can be possible, especially if it is needed for a particular job function; however, the manipulation, transfer, and altering of data must be absolutely limited. Most insiders have free reign to company or customer information and most companies do little to nothing to audit employees’ computers or online data. Additionally, the Ponemon Institute stated that a strong percentage of ex-employees reported still having access to company computer systems and networks even after leaving the company. Every company should take the steps to properly execute strict access protocols to help deter any potential attacks.
3. Have Action Plans in Place
In the event of a data breach, companies should have prepared action plans in place to help minimize the issues as quickly as possible. The first thing any company should do is to notify its employees and stakeholders of a company security breach. This will keep all employees on alert for any corresponding updates and requests for action. Next, it will be important to ask all users and employees to change any sensitive login or account credentials to create an added layer of security around private data. Another helpful tip after experiencing a data attack is to think about measures to prevent these issues from happening again. A good deterrent would be to implement a web application firewall (WAF) that can act as a safety net of sorts to help protect company websites against accidental insider vulnerabilities, such as unintentionally infecting company networks with malware, which can potentially lead to easily targeted attacks from external sources. WAFs can be another added measure to protect against internal employee security mishaps that could eventually lead to more serious attacks.
Information security is a fluid environment. Web hackers, internal and external, are constantly evolving and looking for new modes of attack. It is up to you to stay up to date with the trends in cyber security in order to properly protect you and your customers from a critical data breach. Remember, information security is the responsibility of both employees and employers. No one side should rely on the other to safeguard private company and customer information. Working together towards a more safe online environment is an everyday job that needs constant monitoring and adjustments. Get started today!