Insider Threats: Past – Present – Future
According to CIO DIVE, “Insider Threats” are the #1 cybersecurity concern in 2018.
By definition, insider threats include any malicious attack on an organization from current or past employees, business associates or anyone with access to the company’s proprietary data that could be used against it in a detrimental way.
To understand fully how we got here, it’s first helpful to clarify where we’ve been. Historically, the threat of corporate data loss has included the loss of trade secrets, breaches of confidentiality agreements, or the sharing of any confidential information not intended for public consumption, with the financial sector at the forefront of abuse.
For example, as early as the 1800s, government and industry officials profited from manipulating New York’s Harlem Railroad stock by using insider information to sell it short. In 1909, the US Supreme Court established a ruling requiring the director of a company to disclose insider information or abstain from stock trading. Later, in 1934, Congress passed the Securities Exchange Act, setting out clear provisions to prosecute illegal insider trading.
By the 1960s, the Securities and Exchange Commission (SEC) introduced sweeping changes, including prosecution against “tipping” of information to another person authorized to trade, with greater control over brokers and dealers.
In the 1980s, Ivan Boesky stunned Wall Street with a $100 million fine for insider trading, and Foster Winans wrote the book on leaking inside information, setting new standards for journalism ethics across the country.
The 1990s saw 17 charged at AT&T for insider trading, and by the turn of the 21st century Jeff Skilling (former CEO of Enron) was found guilty of securities fraud and sentenced to 24 years in prison. The list goes on and on.
Today, sensitive information may be financial, medical, legal, or any proprietary trade secret owned by an organization. However, the rate of risk and vulnerability has increased significantly with the advent of computers and mobility of data.
Recent studies on cybersecurity threats in the business community show that about one-third of IT professionals found external cyber attacks were an issue, while the other two-thirds felt internal cyber attacks were much more difficult to detect and prevent.
External threats like those from phishing, ransomware and data exfiltration are all critical to address in order to run a safe and secure environment. Disrupted business activities, compromised employee productivity and the IT expertise needed to address these issues are all costly expenses. However, the cost of internal threats from data breaches that compromise trade secrets, leak confidential competitive advantages, expose products or concepts in early production, or simply damage a company’s reputation is estimated to be 10 times or more that of external threats.
One leaked document, with no monitoring, detection or prevention measures in place, could ruin a corporation’s image and future. And these breaches can originate from any privileged business user, including partners, executives, IT staff and even customers.
While nobody has a crystal ball to predict the future and it’s impossible to have a 100% secure corporate cybersecurity environment, it is possible to mitigate the risk by taking reasonable measures.
These measures, as pointed out by CSO Online, include: knowing your assets (databases / file servers) and taking extra precaution with mobile devices and the cloud, where they will leave your premises; knowing your people, especially those who have access to your assets; monitoring your activity by maintaining daily logs and using employee computer monitoring software; using SSL encrypted activity protection; applying machine-based analytics to capture human intuition in real time; and conducting a full forensic analysis of any suspicious behavior, whether malicious or careless.
Better safe than sorry. Good luck with securing your corporate environment.
-Steve Marshall is a contributing author on cybersecurity