The biggest threat to your company’s data and network is sitting beside you

Advertisement
The biggest threat to
your company’s data and network is sitting beside youIf you ask entrepreneurs what's the greatest threat to their company's network and data, they may state, "viruses, hackers and cyber criminals," or maybe "faulty hardware, software and system failures". But the truth is—the biggest threat to your company is probably your employees.
Advertisement

In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters included malicious intent, and one-quarter included accidental actors.

What can they really do?

With so much critical data and operations tied up in a company's network, internal damage from employees turns into a significantly greater risk. In a matter of minutes, an employee can delete software or erase years of data vital to a company. They can intentionally download viruses or endeavour to tarnish their boss' reputation by posting erotic entertainment on their company's website or spamming all clients with racist, hateful and offensive emails. Alternately they can essentially download client lists and other confidential information and sell it to competitors, post it online or utilize it to start a competitive business.

Cyber criminals are experts at hijacking identities. Some accomplish this by compromising an employee system through malware or phishing attacks; some leverage stolen credentials, particularly by gleaning data from social networks. Much of the time attackers can expand a hacked user's access within a system, driving them to significantly more sensitive information.

Advertisement

What can you do?

Understanding the users who hold the potential for most noteworthy damage is critical. Tending to the security risks that these people represent, and the critical assets they access, should be a priority. Specifically, monitor IT admins, executives, key vendors, and at-risk employees with greater vigilance.
So when you read the following scurrilous headline about some breach by an external hacker, remember that these attacks account for less than half of the breaches out there. Furthermore, remember that the hacker likely used the identity of a clueless employee to pull it off. Make a move to ensure your association isn't the one in these headlines.