From unstable inflation rates through to new regulatory controls, there are many threats that could throw even the most stable finance company into a tailspin. However, there’s one menace that overwhelmingly preys on the CEO’s peace of mind. And that threat is insider breaches.
A worrying 90% of organizations report feeling vulnerable to data breaches that can be traced back to their own team – a fact that’s not surprising given the number of insider breaches increase each year, costing an average of $3.86 million in damages.
So, what can CEOs do to reduce the likelihood of this ever-present risk?
First, it’s crucial to understand the main risk factors which allow insider breaches to occur. According to Gartner, the majority of insider breaches can be attributed to:
- Too many users with excessive access privileges (37%)
- An increasing number of devices with access to sensitive data (36%)
- The increasing overall complexity of information technology
However, to adequately protect against these risk factors, enterprises must be aware of both malicious and unintentional insiders in order to take appropriate prevention measures.
The Malicious Insider
As the name suggests, malicious insiders purposefully leak or sell sensitive company data, upload malware, or steal trade secrets. Whilst financial gain is the biggest motivator for this activity, accounting for 62% of malicious insider breaches, career launchers and saboteurs at 29% and 9% respectively can pose just as much threat.
For instance, Tesla has suffered numerous data leaks at the hands of malicious insiders. In 2018, one of the select 40 employees with access to its proprietary Autopilot software transferred around 300,000 files. Not long after, the engineer was in a new position with rival manufacturer Xpeng Motors. In the same year, the tech firm was hit by a more emotionally charged attack when an employee didn’t receive a lucrative promotion. In a final act of revenge, the employee sabotaged code in the operating system and leaked vital data to third-parties.
The Unintentional Insider
On the flipside, unintentional insiders usually cause a breach due to careless or negligent practices in the workplace. As a result, their credentials become compromised, allowing bad actors to infiltrate the system. This group can pose an even more insidious threat as enterprises are often unaware anything is amiss until serious damage is done.
Punjab National Bank allowed just such a breach to continue for months. The fraudulent transactions reached a hefty total of $1.8 billion before the activity was halted. The fraud went undetected for so long because a valid Level-5 password was in use, meaning automated detection measures did little to help support the bank’s data security.
A Better Way to Manage Insider Threats
If insider breaches weren’t already on your radar, it might seem surprising that the problem is so prevalent — surely such major enterprises have protections in place to prevent employees leaking information?
You’d be right to ask such a question. But in reality, the data volumes and complex digital infrastructures most tech-firms employ have become unwieldy. Imagine how many of Tesla’s 45,000 employees have networked mobile devices that could miss a patch update – it quickly becomes clear there’s no one-size-fits-all solution for data protection in 2020.
However, what is certain is that CEOs can’t afford to leave the threat of insider breaches to chance. A new approach is required to ensure that access levels, data monitoring, and automated detection properly mitigate risks and protect your most valuable asset – your data.
Speak to our advisors today and discover every facet of your sensitive data.