News reports regularly include stories of another cybersecurity breach that compromises financial and personal data. Home Depot, Target, Internal Revenue Service, Office of Personnel Management. What organization will be next? What exposes organizations to these threats?
Many organizations invest in security to protect their data, funds, and reputations. However, protections don’t work if people inside the organization don’t work securely. A recent survey of IT security professionals conducted by Crowd Research Partners (“Insider Threat Spotlight Report”) reveals that many cybersecurity threats come from within.
Security Breaches that Start from Inside
Of the IT security professionals responding to the survey, 63% reported that insider security threats have become more frequent in the last 12 months. Almost 60% of the respondents said that “privileged” users posed the most significant risk.
For example, a system administrator failing to change the manufacturer’s default password leaves the door to that system open to unauthorized access. Also, phishing e-mails are a popular mechanism for exposing the organization’s systems to attack.
What Can Be Done?
Nearly half of the IT security professionals reported that their organizations have the controls needed to prevent cyber threats. Having the controls is not enough. People need to know how to follow them and why they are important. How can an organization make this happen?
- Document people’s responsibilities for security and how they can work securely. Security is part of everyone’s job, especially since attacks can come in the form of an e-mail that could be sent to anyone in the organization.
- Train everyone in the organization about security and why it is important. People are more likely to follow procedures when they understand why and what happens if they don’t.
- Implement regular breach detection, in addition to prevention. Attacks are increasing in frequency and sophistication. It’s imperative to locate and shut down the attacks that become data breaches.
It is not possible to completely avoid cybersecurity attacks. Make sure that your employees and others who use your systems know about security and why it’s important. Those are two important actions that can keep a cyberattack from becoming a data breach.