No matter how well trained, equipped, and staffed your IT security department may be, they likely aren't fully prepared to single-handedly deal with one of the largest threats to your network cybersecurity: your employees.
According to its 2017 Insider Threat Intelligence Report, Dtex Systems found that 95 percent of surveyed companies contained employees that were "actively researching, installing, or executing security vulnerability testing tools in attempts to bypass corporate security."
How can your business ensure that your data security guidelines are being followed by every employee? Read: The Importance of an IT Security & Compliance Partnership.
Given this fact, it should not be surprising that the firm also identified that 60 percent of the cyberattacks that its customers experienced originated from employees. In more detail, these internal assaults could be attributed to:
Rather than pursuing malicious action, many employees were merely looking to bypass cybersecurity policies to indulge in their personal vices. Dtex found that 59 percent of the organizations that it analyzed had employees accessing pornographic websites via company systems, while 43 percent had staff members engaged in online gambling, including the use of Bitcoins to bet on sporting events.
Personal convenience also played a major role in non-malicious security violations. Roughly 87 percent of surveyed businesses reported employees who used corporate devices to access personal web-based email accounts -- even though many organizations had in place policies and measures to block such activity. By accessing these unsecured accounts using company equipment, these employees increased the likelihood of successful phishing or malware attacks within the corporate network.
Research conducted by Willis Towers Watson backs up this trend, finding that among employees that it surveyed, 22 percent used unauthorized personal devices to work from home and 32 percent used work devices on unsecured public networks, often while commuting or traveling.
When combating employee negligence, cybersecurity training and education can prove an invaluable tool. Many of these documented violations can be attributed directly to ignorance, but by charging employees across your business with the responsibility to incorporate data security into their daily activities, you can help curb negative behavior.
In fact, according to the Willis Towers Watson study mentioned earlier, among those employees who had participated in a security awareness training program:
In addition, your business should regularly encourage staff to report suspicious behavior. While 34 percent of respondents had directly witnessed coworkers breaching corporate security and data privacy guidelines, only 15 percent actually reported these violations.
By more closely tracking the actions of employees as well as overall network traffic, you can better protect your business. Keep your eye out for unusual activity, such as an employee suddenly downloading a large number of private files. And monitor company equipment for unauthorized software or tools -- including anonymous VPN or web browsers -- that could be used to bypass cybersecurity systems or for credential theft.
Pay special attention to employees who have violated company policy in the past -- a clear indicator that they are willing to take risks.
Also consider improving your off-network monitoring capabilities. Routinely, employees who engage in risky or unauthorized behavior will do so when using company systems and equipment while off the corporate network.
Based on the findings of the Dtex report, special scrutiny should be focused on employees either entering or leaving the company. As part of its research, the security firm found that 56 percent of the companies it examined were at increased risk for data theft from employees during their first or last two weeks of employment.
Similarly, monitor external contractors during the on-boarding / off-boarding period. Routinely malicious parties work over a period of time to prepare information and files for exfiltration, providing your security team with an opportunity to react.
When every employee in your organization -- no matter the department -- is armed with the knowledge of how to identify and respond to potential cybersecurity threats, your business adds a whole new layer of monitoring protection that can't be purchased on the open market.
To learn more about our security awareness courses and how you can better prepare your staff to join in the fight against cybercrime, request a demo today.
We're sorry this resource is no longer available, we've redirected you to our Resource center.