• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Current News   »   Companies must anticipate, prepare for insider breaches

Companies must anticipate, prepare for insider breaches

  • Posted on:December 27, 2011
  • Posted in:Current News, Vulnerabilities & Exploits
  • Posted by:
    Trend Micro
0

While high-profile cyberattacks and instances of hactivism are more likely to capture headlines these days, a business must still be cautious of another type of threat that could prove devastating to its reputation as well as its bottom line – insiders.

Internal data breaches are far less common than external incidents. According to Verizon’s 2011 Data Breach Investigations Report, only 17 percent of data breaches in the last year implicated insiders, while 92 percent stemmed from external agents.

However, this is not to suggest that insider threats should be ignored. Earlier this year, Bank of America lost more than $10 million when an insider sold customer information to criminals. Meanwhile, dozens of healthcare providers, schools and other organizations have been subject to criticism – and often fines – for exposing sensitive information on the Internet or through other channels.

Generally, insider data breaches stem from two types of incidents: accidental error and malicious action. While the latter is more likely to keep IT security practitioners up at night, both can have a significant impact on a company’s operations and therefore must be addressed in order to mitigate any damage or risk.

According to a recent whitepaper from technology news provider IDG, two types of employees are typically responsible for malicious insider threats. The most obvious one is the untrusted insider, which describes a person who is not authorized to access certain computer systems or networks but manages to compromise company data through improperly obtained credentials and backdoor exploits.

Sometimes, an untrusted insider is planted within a company by an outsider looking to exploit or sabotage an organization. The report pointed out that, though fairly rare, this type of insider is difficult to prepare for, as he or she will generally ignore data security policies and procedures to steal information.

The other type of malicious employee is the “trusted witting insider,” who uses legitimate access to “provide privileged information to an unauthorized party,” the report noted. This type of employee is often harder to detect that the untrusted insider, because he or she has generally risen through the ranks of the company and earned the respect of fellow employees. However, the trusted witting employee often describes a person who has become disgruntled with the company and is therefore looking to use his or her insider knowledge to cause harm or for personal gain.

Both of these malicious threats can be difficult to safeguard against, as security policies and authorization credentials are rendered useless. However, a company may improve its chances of detecting such threats through network monitoring tools and other technical controls.

The final insider threat is what IDG called the “unwitting trusted employee.” This is perhaps the most common type of insider threat, as it can apply to virtually any employee. It is not uncommon for an employee – whether motivated to get a job done quickly or simply unaware of policies – to sidestep data security procedures and, thus, accidentally put sensitive company data in harm’s way.

This too can be difficult to prepare for, as a company cannot predict when an otherwise competent employee will slip up. While technical and access controls are the best options for preventing such incidents, stressing a company’s security policies can also be hugely beneficial.

Insider breaches do appear to be on the decline. According to Verizon, the number of breaches implicating insiders slid by 31 percent between 2010 and 2011. However, such occurrences will never disappear entirely, so it is important that businesses anticipate insider breaches and do what they can to mitigate any damages that may result.

Security News from SimplySecurity.com by Trend Micro

Related posts:

  1. The insider threat: Dealing with malicious and accidental incidents, part 1
  2. Data protection measures must prevent insider breaches
  3. Despite breaches, companies failing to take action
  4. Insider misuse and error are increasingly the cause of data breaches

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.