• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   The inside job: How hackers are stealing data from within

The inside job: How hackers are stealing data from within

  • Posted on:January 25, 2016
  • Posted in:Industry News
  • Posted by:
    Noah Gamer
0
Is your company safe from internal threats?

Data breaches have a pretty specific public perception these days. Media focus on cyber attacks resulting in the loss of private information has led many to believe that outside hackers are the only way companies can lose control over their data. While these events obviously need to be taken seriously, recent Trend Micro research has found that only one quarter of breaches can be linked to cyber criminals.

Many companies ignore the possibility of internal employees being responsible for the loss of private information. It can be hard to scrutinize the people working daily to build up your organization, but data breaches coming from inside the business aren’t something to be taken lightly.

Many employees willing to sell information

While every employer would like to believe that their workers can be trusted, the sad reality of the situation is that some staff members are ready to sell company data for personal profit. In fact, a recent study conducted by Clearswift highlighted the danger many businesses face when trusting their employees with highly-sensitive information.

The report states that around 35 percent of workers would sell private company data if someone offered them the right price. While that number should certainly be alarming to any administrator, the truly frightening part of the report came from how little some people are willing to accept in order to betray their employer.

The study found that around 3 percent of employees would give up this information for only $155. Although 3 percent certainly isn’t a large portion of your workers, this part of the report highlights just how dangerous it is to let every single employee have access to sensitive information. A data breach could be a huge drain on a company’s ability to conduct business, and apparently many staff members are willing to hang their employer out to dry for less than the amount of a new cellphone.

Sometimes it’s just naivety

Even though there are clearly employees at every organization willing to sell company information to the highest bidder, simple greed isn’t the only cause of internal data breaches. Many times, private data can be exposed simply because an employee doesn’t know the dangers of a certain action.

Take, for instance, the test that was conducted by the U.S. Department of Homeland Security. Officials from the agency went around to multiple governmental buildings and placed flash drives in the parking lots near employee vehicles. The object here was to see how many workers would find the flash drives and plug them into their work computers, thereby risking the safety of their building’s private internal network.

What the agency found was shocking. Around 60 percent of employees went right ahead and connected the devices into their computers without even considering that these flash drives could contain malware. That statistic is high enough as it is, but apparently putting an official company logo on the side of the flash drive increased plug-in rates to 90 percent.

What this shows is that internal leaks don’t have to be the result of greed or disrespect for company administrators. In many cases involving data breaches coming from inside the organization, simple ignorance to proper cyber security best practices is all it takes. Human error is one of the most powerful drivers behind bad events in the workplace, and it’s also very hard to work against.

What can company administrators do?

Although this has been something of a bleak look at the employer-employee relationship, it’s important to note that it’s not all bad. The majority of workers are good, trustworthy people that also know how to avoid mistakes of naivety. That being said, company administrators do need to worry about the minority of staff members that would cause a data breach for one reason or another.

Thankfully, there are some pretty easy steps officials can follow to avoid cyber crime. First, employers need to sit down and have an honest discussion with their workers about network security and how to avoid cyber threats. Many employees simply don’t understand the risks of plugging in unknown flash drives, and as such administrators need to have a comprehensive conversation that underlines what should and should not be done in the workplace.

After this, Trend Micro recommends that employers limit the number of people with admin privileges to only those that absolutely need these abilities on a regular basis. While this might slow operations up a bit, it’s an absolutely necessary step. Figuring out who’s responsible in the wake of a data breach is hard enough, but doing so with a multitude of employees with admin privileges is an absolute nightmare. Limiting the number of people with access to private company information allows officials to mitigate the risks of an internal, malicious breach.

Finally, administrators should look into cyber security software. As stated above, human error is a big part of workplace mistakes, and as such it’s a lot easier to leave certain duties to mechanical minds. The Interscan Web Security Virtual Appliance service provided by Trend Micro allows administrators to manage live web use across the company. This allows officials to keep tabs on who is doing what, thereby letting them make sure workers aren’t getting ready to sell sensitive data.

Related posts:

  1. Hackers get more targeted with recent spear phishing campaigns
  2. Employees lack data security training, study finds
  3. Stealing the show: Why hackers want your Netflix information
  4. Debunking Breach Myths: Who is Stealing Your Data?

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.