Information security and cyber security issues require a savvy risk assessment program managed from the top of the IT enterprise pyramid, from the CISO on down.
Alongside outside threats, insiders harboring malicious agendas, and those who unintentionally create exposure because they don't follow protocol, place the organization at great risk.
Ponemon Institute and Symantec Research
As we have written about before, personnel lack training in regard to security practices and often generate vulnerabilities due to their lack of understanding. Based on a recent study from the Ponemon Institute and Symantec involving 567 executive-level representatives from inside the US, the researchers found that human errors and internal system errors are significant concerns.
Additionally, the survey uncovered disturbing evidence that the expenses related to these breaches are rising, with an average cost per incident of $201 for every record involved. For those with a response plan in place, however, the cost drops to $17 per record.
What’s More Potent? Internal or External Threats?
Alongside careless mistakes (like a fat-fingered typo that leads to an accidental misconfiguration of a network device), there are also those who would seek to sabotage an organization from within. Over 35 percent of IT professionals worldwide were more concerned about employee threats than about network security threats from outside hackers [1]. Insider misuse, as noted by the 2015 Verizon Data Breach Investigations Report, occurs even when staff have been properly vetted.
A report by the Centre for Protection of National Infrastructure stresses the risks posed to organizations by insiders. It ranks negligent insiders and malicious or criminal insiders among the top threats reported by respondents to a web survey conducted by Unisys and the Ponemon Institute [2]. Even basic third-party hardware, such as USB drives, can be used to carry malware onto a system, because such devices regularly move from machine to machine.
How often are you asking the question: “What is going on in the network?”
- Are people making changes?
- How do you know?
- Is the change authorized?
Oftentimes a staffer will open a port on the firewall for a third-party application without knowing how it will affect the larger ecosystem, inadvertently opening the door to malicious file changes. So how do you know when something has breached the perimeter and been placed on your system?
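One concrete way to answer "Are people making changes? How do you know? Is the change authorized?" is to keep a baseline of the firewall rule set from the last approved change, diff the live rule set against it, and match every difference to an approved change record. The script below is an added example written for this post, not code from the original article or from any product; the rule set, the zone names, and the CHG-0042 ticket are all constructed sample data.

```python
"""Baseline-and-diff check for firewall rule changes.

Added example, not part of the original post. All rule ids, ports, zone names
and change tickets below are constructed for illustration.
"""
import hashlib
import json

# Constructed baseline: the rule set as it stood after the last approved change.
BASELINE_RULES = [
    {"id": 10, "action": "allow", "proto": "tcp", "port": 443, "src": "any", "dst": "web-dmz"},
    {"id": 20, "action": "allow", "proto": "tcp", "port": 22, "src": "10.0.5.0/24", "dst": "mgmt"},
    {"id": 30, "action": "deny", "proto": "any", "port": "any", "src": "any", "dst": "any"},
]

# Constructed "current" read of the device: rule 15 appeared (a port opened for an
# application, as described in the post) and rule 20's source was widened to "any".
CURRENT_RULES = [
    {"id": 10, "action": "allow", "proto": "tcp", "port": 443, "src": "any", "dst": "web-dmz"},
    {"id": 15, "action": "allow", "proto": "tcp", "port": 8080, "src": "any", "dst": "app-server"},
    {"id": 20, "action": "allow", "proto": "tcp", "port": 22, "src": "any", "dst": "mgmt"},
    {"id": 30, "action": "deny", "proto": "any", "port": "any", "src": "any", "dst": "any"},
]

# Constructed approved-change records. Only the edit to rule 20 has a ticket on file.
AUTHORIZED_CHANGES = [
    {"ticket": "CHG-0042", "rule_id": 20, "change": "modified"},
]


def fingerprint(rules):
    """Hash a canonical serialization of the rule set.

    Sorting by id and by key means a reordered but otherwise identical rule set
    hashes the same, while any added, removed or edited rule changes the digest.
    """
    canonical = json.dumps(sorted(rules, key=lambda r: r["id"]), sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()


def diff_rules(baseline, current):
    """Return added, removed and modified rules, keyed by rule id."""
    base = {r["id"]: r for r in baseline}
    curr = {r["id"]: r for r in current}
    added = [curr[i] for i in sorted(curr.keys() - base.keys())]
    removed = [base[i] for i in sorted(base.keys() - curr.keys())]
    modified = [(base[i], curr[i]) for i in sorted(base.keys() & curr.keys()) if base[i] != curr[i]]
    return {"added": added, "removed": removed, "modified": modified}


def review_changes(baseline, current, authorized):
    """Match each detected change against approved tickets; unmatched changes are findings."""
    approvals = {(a["rule_id"], a["change"]): a["ticket"] for a in authorized}
    findings = []
    changes = diff_rules(baseline, current)
    for kind in ("added", "removed", "modified"):
        for entry in changes[kind]:
            rule = entry[1] if kind == "modified" else entry
            ticket = approvals.get((rule["id"], kind))
            findings.append({
                "rule_id": rule["id"],
                "change": kind,
                "authorized": ticket is not None,
                "ticket": ticket,
                # An allow rule reachable from any source is the case the post warns about.
                "exposes_port": rule["action"] == "allow" and rule["src"] == "any",
            })
    return findings


def unauthorized(findings):
    """Findings with no matching change ticket: the ones that need a human to look."""
    return [f for f in findings if not f["authorized"]]


if __name__ == "__main__":
    # Cheap first check: did anything change at all since the baseline was taken?
    if fingerprint(BASELINE_RULES) != fingerprint(CURRENT_RULES):
        for f in review_changes(BASELINE_RULES, CURRENT_RULES, AUTHORIZED_CHANGES):
            status = "OK   " if f["authorized"] else "ALERT"
            print(f"{status} rule {f['rule_id']}: {f['change']} ticket={f['ticket']} "
                  f"exposes_port={f['exposes_port']}")
```

Run against the constructed data, the fingerprint check fires, rule 20 is reported as an approved modification under CHG-0042, and rule 15 is reported as an unauthorized addition that exposes a port to any source. In practice the baseline would be re-taken only when a change ticket is closed, and the live rule set would be pulled from the device on a schedule, so the window in which an unapproved change goes unnoticed is bounded by the polling interval.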
References:
[1]
[2] https://www.cisa.gov/uscert/sites/default/files/Annual_Reports/Year_in_Review_FY2014_Final.pdf
May 7, 2015