The Verizon 2018 Data Breach Investigations report investigated 53,000 incidents and 2,216 data breaches from 67 organisations in 65 countries around the world, which revealed the extent of cyber incidents that occur from someone operating within the organisation.
Financial gain was found to be the motive for almost half (47.8 per cent) of those responsible. More disturbingly, almost one in four (23.4 per cent) were done for “pure fun”.
The findings led Verizon’s executive director for security professional services Bryan Sartin to declare that, “for far too long, data breaches and cyber security incidents caused by insiders have been pushed aside and not taken seriously”.
“Often they are treated as an embarrassment or just an issue for human resource departments,” he said.
“This has to change. Cyber threats do not just originate from external sources, and to fight cyber crime in its entirety, we also need to focus on the threats that lie within an organisation’s walls.”
Employers should be alert to five “insider personalities”, according to Verizon, in order to keep on top of data risks.
Those personalities are:
- The careless worker – Inappropriate rather than malicious.
- The inside agent – Employees recruited, solicited or bribed by external parties to provide sensitive data.
- The disgruntled employee – Those who seek to harm their employer.
- The malicious insider – Using access for personal gain.
- The feckless third-party – Business partners compromising security through negligence, misuse or malicious access.
“Detecting and mitigating insider threats requires a different approach compared to hunting for external threats,” Mr Sartin said.
He urged business leaders to get up to speed with what their digital assets are and who has access to them, in order to determine and hence mitigate the risk of damage.
Interested in the issues shaping the in-house legal landscape? Don’t miss your chance to hear from local and global in-house legal powerhouses at the 2019 Corporate Counsel Summit!