It’s a widespread misconception that you have to have your PC, mobile device, or network hacked in order to experience a cyber breach. The fact is, hack-jobs account for only 52.6% of cyber breaches, according to Risk Based Security’s “First Nine Months of 2016 Data Breach QuickView Report”. Still technically a majority – and they still cause the most extreme severity, in terms of data theft and public exposure of confidential data files – but what about the other 44% of breaches? Inside jobs account for a large part of that remaining percentage, along with skimming, and inadvertent cyber breaches like clicking on phishing links or malvertising ads.
The fact is, (and at the risk of stating the obvious) there are far too many cybercrime opportunists out there not to shore up the fortifications, batten down the hatches, and dig in, trench-warfare style. Cybercrooks like NSA contractor Harold Thomas Martin of Booz Allen Hamilton, who stole and attempted to sell classified US military documents; and there’s the almost endless list of ransomware hackers and “hacktivists” that are busy vying for “craftiest weasel on the web” award whose tricks to get people to click or wire money through social engineering con-jobs seems to be never-ending. You can’t be too careful, in other words. But, you can’t even fully trust your own staff not to be the source of your next cyber breach. In fact, your chances of an inside cyber breach are almost 50/50 with getting hacked from outside, i.e. directly cyberattacked.
Weighing the Insider Threat
As CEO of ThinAir Tony Gauda recently said on the subject said, “For too long, the security industry has heralded authentication technologies as the silver bullet for combatting sophisticated cybercriminals, neglecting the fact that ‘fully-authenticated’ is not synonymous with ‘non-malicious.’ If even some of the world’s most secure organizations are experiencing insider threats, it is a [sure] sign that these human attacks are some of the hardest to track and defend.”
A truly pointed question involving the threat of insider breach was posed by Sue Marquette Poremba, a writer for IT Business Edge, in October, “While not every hack or insider breach is going to result in threats to our national security, they can lead to the loss of proprietary secrets or sensitive employee and customer information. What are you doing to prevent insider breaches?”
Printing Activity Monitoring
Printing activity in particular is a security blind spot in most companies, says Brian White, COO of RedOwl, who advocates for better user assessment tools and the need for behavior analytics in the cybersecurity web, especially in light of the Internet of Things ramp-up. White says companies need to watch the printer use on their networks and look into how behavior analytics could track an insider’s printing activity to discover a potential threat. Behavior analytics, he said, would be able to detect an employee who suddenly went from, say, a handful of printed documents per day (or week) to hundreds, a likely sign you have a mole out to defraud the goose laying the golden eggs.
Need Advice on Insider Threat Assessment and Evaluation?
If you need assistance with optimizing your cybersecurity strategies and internal threat analytics, you can speak to a cybersecurity specialist at Compunet InfoTech, which is a proven leader in providing IT consulting in Vancouver. Contact one of our helpful IT experts at (604) 986-8170 or send us an email at info@compunet.ca today, and we can help you better evaluate and prevent insider cyber breaches.