Cybersecurity Awareness: 25 Percent of Breaches Due to Internal Actors
Tuesday, October 17, 2017 7:00 AM

NCU-ISAO

According to recent research, nearly 25 percent of data breaches are the result of internal actors, with many organizations reporting that such activity is on the rise.[1] Insider threats, often associated with malicious activity by current and former employees, can actually result from intentional or unintentional/careless activity by employees.[2]

Here are some examples of what insider threats can look like:

  • Posting sensitive documents or information to unauthorized cloud storage platforms[2]
  • Employees taking documents or customer information with them when they leave the company
  • Malware installed by unwitting employees, or accidental compromise of user credentials due to socially engineered scams[3]
  • Misuse of sensitive information by internal or external users via access to unauthorized systems[1][5]

In order to help defend your business against insider threats, here are some tips for your consideration:

  • Establish and maintain effective security policies
    • This may include acceptable use, privacy, and mobile computing/BYOD policies[2]
    • Establishing firm user-level access controls to systems and data[1]
    • Policies managed at all organizational levels and supported by the executive team[1]
  • Employee awareness training
    • Understanding the current security policies[2]
    • Deploy a combination of both classroom and online training[3]
    • Focus on the value of data, and what can or cannot be shared and why[1]
    • What employees should do if they suspect phishing or malware activity[2]
  • Use of effective cybersecurity systems and controls
    • Utilizing tools such as data loss protection and anti-malware detection systems[2]
    • Effective third-party vendor management and access controls[5]
    • Logging or SIEM tools to track and audit user behavior in your systems[5]
  • Report suspicious behavior[5]
    • Businesses should make this a simple, unintimidating process

As an additional resource, the attached Insider Threat Tip Card from the Department of Homeland Security provides some statistics, tips, behavioral indicators, and what to do if you’ve been compromised.

References:

  1. Rise in Insider Threats Drives Shift to Training Data Level Security
  2. How to Defend Your Small Business from Insider Threats
  3. Could Your Own Employees Be a Security Threat?
  4. US Cybercrime Survey – Carnegie Mellon University
  5. Homeland Security, Dept. of (n.d.). Insider Threat Tip Card [PDF]

This information has been provided to Cornerstone Credit Union League for Cyber Security Awareness Month, and is used with permission from the National Credit Union Information Sharing and Analysis Organization (NCU-ISAO), whose mission is to advance credit union-specific cyber resilience in a strategic and collaborative partnership.