The biggest threat for a security breach is not imposed by nefarious hackers or catastrophic technology failures. It's an organization's own workforce, according to the Harvard Business Review.
Employees play a significant role in an organization's vulnerability to a security breach. Nearly 60 percent of all attacks are carried out by insiders, according to the 2016 Cyber Security Intelligence Index by IBM, Harvard Business Review reported. Three-quarters of these attacks are fueled by malicious intent, and one-quarter are caused by inadvertent actors.
There are three primary types of insider risks to be aware of, according to the Harvard Business Review.
1. Human error. Accidents such as misaddressed emails, stolen devices and confidential data sent to insecure home systems can lead to costly situations. The group of employees at highest risk for committing such errors are IT administrators, "whose complete access to company infrastructure can turn a small mistake into a catastrophe," according to the report.
2. Malicious employees. Unfortunately, sometimes employees aim to steal competitive information, sell data or intelligence or just have a vendetta against the organization.
3. Cyber criminals who steal employees' identities. Cyber criminals can hijack employees' identities through malware or phishing schemes, giving them access to secured information.
The most perilous aspect of insider threats is such attacks come from trusted systems and can fly under the radar. Therefore, managers must be aware of what signals to look for and how to focus their security efforts. Here are four tips from the Harvard Business Review.
1. Protect the most important assets. Malicious actors are interested in access to the business' "crown jewels." After identifying the most valuable systems and data, give them the strongest defense and most frequent monitoring.
2. Leverage deep analytics. Deep analytics can reveal deviations from normal behavior in how employees interact with technology, which could indicate if and when a system has been compromised.
3. Get to know your employees. Knowing the employees who have the greatest potential for damage and addressing the security risks these people represent is crucial. IT administrators, top executives, key vendors and at-risk employees should be monitored with enhanced vigilance, according to the report.
4. Remember the basics. New technology and tools are revered in the IT world, but sticking to the basics is important for protection. For example, enforcing strong standards for user identities and passwords makes stealing credentials much more difficult.