Reading time:
3 min

The Crushing Harm of Insider Data Breaches and End User Malfeasance

 

60% of Enterprises Suffer Cyberattacks at the Hands of Their Own Employees

In 2018, a Tesla engineer leaked confidential and damaging information to the press starting a nastly and public war or words (and lawsuits) between the employee and Elon Musk.

That same year, Facebook sacked a security engineer the company said abused his access to information to stalk women.

Also in 2018, a Suntrust Bank insider tried to steal personal user information and account data of 1.5 million customers – to send to a criminal organization! 

These examples are far from anomalies. Insiders are responsible for 34% of data breaches, according to the 2019 Verizon Data Breach Investigations Report.

Despite these examples, suffering breaches from insiders, including IT itself, is something too rarely talked about – and commonly covered up to avoid bad publicity.

Verizon is not one to keep quiet. It tracks insider activities in its annual Data Breach Investigations Report, and sees many of these insiders as shockingly brazen. “The corporate LAN was the vector in 71% of these incidents, and 28% took advantage of physical access within the corporate facility. This means the majority of employees perpetrated their acts while in the office right under the noses of coworkers, rather than hopping through proxies from the relative safety of their house,” a recent Verizon report said.

Insider data breaches are far too common, as the Verizon report finds that 14% of breaches come from insiders. Insiders are more dangerous than most outsiders are. Insiders are already on the network, and sometimes with high-level privileges. There are different types of insiders who pose specific and varied risks. For instance, many insiders, such as human resources professionals, IT staff, and high-level managers – all have higher-level computer privileges.

The higher the level of privilege, the bigger the problem. “You have managers (including those in the C-suite) that came in higher than in prior years. You know the type – one of those straight shooters with upper management written all over him. They often have access to trade secrets and other data of interest to the competition and, tragically, are also more likely to be exempted from following security policies because of their privileged status in the company,” Verizon said.

Fighting off the Insidious Insider Threat

To fight off the insider threat, you need a full approach to security, along with the ability to address Office 365-specific vulnerabilities. A key issue is knowing what is going on in the network and controlling dangerous activity.

Verizon advises IT to implement strong access controls and provide access levels fitted to true needs, trust, and levels of responsibility. “Having identified the positions with access to sensitive data, implement a process to review account activity when those employees give notice or have been released,” Verizon suggested.

IT pros are stewards of the IT infrastructure, responsible for securing computer infrastructure and protecting data. This means protecting the company against insider threats – not just blocking outside actors.

The answer is to identify internal and external threats to your environment – then step up your defenses. Here, CoreSecurity alerts give you an early warning system for internal and external threats to your Office 365 environment, so you can identify and defend yourself against security breaches before they occur.

Meanwhile, CoreView reporting is fine grained so data can be analyzed by department, business unit, country and more, so it’s easier to determine exactly where insider breaches first occur.

Protect Your O365 Tenant With CoreView

Get your O365 security profile FREE with our new CoreDiscovery solution. You can get your free software now at the CoreDiscovery sign up page: https://www.coreview.com/core-discovery-sign-up/.

Or sign up for a personalized CoreView demo.

See how CoreView can help you with this

Learn more about securing and optimizing your M365 and other SaaS applications.

Twitter
LinkedIn
Facebook
Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.