The NSFW

View Original

Forget Hackers - The Biggest Threat to Company Security is You

If you live in a high-crime neighborhood, you keep your windows locked, open the door only for people you know and turn on the alarm if you leave. Common sense. But these days, executives — from banks to film studios and government agencies — are beginning to understand that we all live in high-crime neighborhoods … that is, when it comes to critical corporate data stored on computers. But burglars in ski masks aren’t the problem here.

93 percent of corporate-security execs fingered “human behavior” as the biggest threat.

That’s according to a survey released by the Virginia-based security-intelligence company Nuix. “Insider threat, relatively speaking, is a new player to the game,” says Keith Lowry, senior vice president at Nuix. Awareness is growing as criminals, even foreign governments, get increasingly adept at tricking insiders into opening the door by revealing their passwords. With bots continuously trolling the Internet, a window inadvertently left open will eventually be found. Online collaboration has also changed the game. “The perimeter has all but disappeared,” says Guy Bunker, senior vice president at cybersecurity company Clearswift.

Clearswift also found that 92 percent of companies surveyed had experienced a data breach in the last 12 months, 74 percent from insiders, and a third of those were a result of “malicious intent.”

Lowry worries about what he calls an increased cultural acceptance of data theft. Indeed, in a survey, Clearswift found that about a third of employees admitted they had a price: 35 percent said they could be bought for $77,500; 25 percent for less than $8,000; and 3 percent for as little as $155, risking job loss and jail time for a relative pittance. Of course, corporate data is sometimes worth millions of dollars. Clearswift also found that 92 percent of companies surveyed had experienced a data breach in the last 12 months, 74 percent from insiders, and a third of those were a result of “malicious intent.”

Why do people do it? The motivations include jealousy, not getting a raise and politics, Lowry says. Some employees steal data when they leave a company. The thinking used to be that all you had to do was teach best practices, like keeping passwords secure or installing the latest software patch. But in the past year, instilling “fear” has become more and more the weapon of choice for getting employees to toe the line, according to Nuix.

As in threatening to fire people. And while the threat of stolen data can seem pretty abstract, the threat of job loss tends to feel pretty concrete.

(Source)