60% of Enterprises Suffer Cyberattacks at the Hands of Their Own Employees
In 2018, a Tesla engineer leaked confidential and damaging information to the press starting a nast
ly and public war or words (and lawsuits) between the employee and Elon Musk.
That same year Facebook sacked a security engineer the company said abused his access to information to stalk women.
Also in 2018, a Suntrust Bank insider tried to steal personal user information and account data of 1.5 million customers – to send to a criminal organization!
These examples are far from anomalies. Insiders are responsible for 34% of data breaches, according to the 2019 Verizon Data Breach Investigations Report.
Despite these examples, suffering breaches from insiders, including IT itself, is something too rarely talked about – and commonly covered up to avoid bad publicity.
Verizon is not one to keep quiet. It tracks insider activities in its annual Data Breach Investigations Report, and sees many of these insiders as shockingly brazen. “The corporate LAN was the vector in 71% of these incidents, and 28% took advantage of physical access within the corporate facility. This means the majority of employees perpetrated their acts while in the office right under the noses of coworkers, rather than hopping through proxies from the relative safety of their house,” a recent Verizon report said.
Insider data breaches are far too common, as the Verizon report finds that 14% of breaches come from insiders. Insiders are more dangerous than most outsiders are. Insiders are already on the network, and sometimes with high-level privileges. There are different types of insiders who pose specific and varied risks. For instance, many insiders, such as human resources professionals, IT staff, and high-level managers – all have higher-level computer privileges.
The higher the level of privilege, the bigger the problem. “You have managers (including those in the C-suite) that came in higher than in prior years. You know the type – one of those straight shooters with upper management written all over him. They often have access to trade secrets and other data of interest to the competition and, tragically, are also more likely to be exempted from following security policies because of their privileged status in the company,” Verizon said.
Fighting off the Insidious Insider Threat
To fight off the insider threat, you need a full approach to security, along with the ability to address Office 365-specific vulnerabilities. A key issue is knowing what is going on in the network and controlling dangerous activity.
Verizon advises IT to implement strong access controls and provide access levels fitted to true needs, trust, and levels of responsibility. “Having identified the positions with access to sensitive data, implement a process to review account activity when those employees give notice or have been released,” Verizon suggested.
IT pros are stewards of the IT infrastructure, responsible for securing computer infrastructure and protecting data. This means protecting the company against insider threats – not just blocking outside actors.
The answer is to identify internal and external threats to your environment – then step up your defenses. Here, CoreSecurity alerts give you an early warning system for internal and external threats to your Office 365 environment, so you can identify and defend yourself against security breaches before they occur.
Meanwhile, CoreView reporting is fine grained so data can be analyzed by department, business unit, country and more, so it’s easier to determine exactly where insider breaches first occur.
Protect Your O365 Tenant With CoreView
Or sign up for a personalized CoreView demo.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.