Insider threats are pummeling IT

Two recent surveys show that the biggest threat to your systems isn’t actually hackers, it’s the insider threat caused by people in your own building – and many of them are IT pros. 

That’s not to say everyone recognizes the problem could be from within, however. According to an AppRiver survey for the recent InformationSecurity Europe conference:

  • 61% of US businesses saw attacks from outside cybercriminals as the biggest threat to organizations
  • 33% saw non-malicious insider threats as a top concern, and
  • only 5% said malicious insiders were the primary cause of breaches.

That said, when asked to narrow down the biggest threat to their security, most indicated it was users. The results showed:

  • 71% said people were the weakest link in their systems
  • 31% said processes were, and
  • 7% indicated it was technology.

Insider threats on every level

When IT pros picture an insider threat, the mental image might be that of a careless end user opening a phishing email or a user who is a little too trusting of anything he or she sees online.

But according to a recent Ponemon survey, 45% of respondents found it likely that hackers would attempt to phish privileged users such as network and systems admins in an attempt to get their credentials. And as for malicious insiders, 5% of the typical company’s revenues are lost to internal fraud.

IT and other executives might be the last group you worry about, but as the keyholders to some of the most sensitive information, they also make appealing targets.

What to do

Here are four steps to take now to protect against this insider threat.

  1. Realize anyone is vulnerable. It’s not just naive users who can make a costly mistake. Even the brightest and most tech-savvy users can be prone to lapses. Security training and practices are for everyone – not just the end user.
  2. Be stingy with privileges. It’s just a matter of numbers: The more users you have with administrative privileges, the higher the chances of something going wrong. Save these permissions for those in IT who truly need them.
  3. Remind them you’re watching. For insider threats, a simple reminder that their behavior will be monitored can be enough to encourage users to follow security procedures. Stress that you’ll be checking they follow policies, then follow through on it.
  4. Don’t share privileged account info. While you limit the number of privileged users, make sure they hold their credentials close to the vest. Passwords and account info should never be shared, even among their fellow IT staffers.