Organizations are spending an increasing amount of money to protect themselves from cyberattacks. As well as spending on security software, companies are also forming large security teams. However, with employees having access to security systems within a company, are organizations at risk from within?
A recent survey published by Imperva conducted amongst 179 IT professionals, which showed 43 percent think they could carry out a successful covert cyberattack on their own company. While this may seem unlikely, the number to attacks coming from employees and former employees is growing.
23 percent say they would not need to do anything complicated to carry out an attack. That number claim they would just need their work laptop to steal information. Additionally, 20 percent claims they could initiate an attack from their own desktop, and 19 percent from their personal laptop.
“Business’ continued reliance on data means more people within an organization have access to it,” said Imperva CTO Terry Ray.
“The result is a corresponding increase in data breaches by insiders, either through intentional (stealing) or unintentional (negligent) behavior of employees and partners. While the most sensational headlines typically involve infiltrating an ironclad security system or an enormous and well-funded team of insurgents, the truth of how hackers are able to penetrate your system may be less obvious: it’s your employees.”
Inevitable Breach
The survey questioned IT pros about potential attacks if they purposely wanted to commit a cybercrime. However, accidental breaches or data leaks are increasing. It’s interesting that organizations are trusting employees but are still at risk from attack, whether purposeful or through error.
Ray says cybercrimes from inside threats is now a major problem for companies, and all organizations will face a breach eventually.
“Every company can take some basic steps in their security posture to minimize insider threats, including background checks, monitoring employee behavior, using the principle of least privilege, controlling and monitoring user access, and educating employees.”
