The insider threat stands as one of the top challenges facing an organization’s security. Breaches caused by the insider can be more costly and harder to detect than outside database attacks because, by their very nature, they are coming from a trusted source – your own employees. Nearly a quarter of all cybercrime aimed at organizations within both the private and non-profit sectors is the product of an insider threat.
In 2012, over 50% of all organizations reported a cybercrime incident originating as an insider threat. Often these data losses are accidental: the well-meaning employee who misplaces a thumb drive containing patient records while working from home or the busy executive who accidentally adds the wrong recipient on a vital M&A email. Insider theft can also be quantified in terms of lost time and resources caused by employees conducting personal business during work hours or getting too caught up in an online shopping spree.
Many tools originally developed to improve the work productivity and employee work-life balance have inadvertently become major gateways towards potential insider threats, as well. Aside from infecting an organization’s system with malware, personal devices such as cell phones and tablets facilitate copying of company data. When an employee decides to quit, copies of company data often stay on these devices, leading to dangerous levels of undetectable data loss.
Other times, losses can, unfortunately, be malicious, and perpetrated by a disgruntled staffer or a contractor on their way to a new position. In this instance, the insider threat can come in the form of a malicious hacker or outside individual posing as a member of the targeted organization using false credentials. That individual obtains access to the computer systems or networks, and then conducts activities intended to cause deliberate harm or extract stolen data. Many cases involve disgruntled employees who believe that the organization has wronged them and is merely seeking revenge. In this instance, that perpetrator is in a unique position to know the data-web well, making for easier infiltration and theft. Their malicious activity usually occurs in four steps: First, gaining the necessary entry to the network, familiarizing themselves with the nature of the data-web system in order to learn its vulnerable points and, finally, setting up a remote workstation from which their malicious activity can take place.
A recent study by the Ponemon Institute found that over half of employees took company records or intellectual property with them when they left their job, 62% of respondents don’t feel that they did anything wrong by doing so, and a whopping 70% report that their company has no means in place to stop them from accessing confidential data. What this tells us is that as much as we hate to admit it, someone will eventually leave the company and someone will take it all with them when they go.
The unfortunate result is nearly $3 trillion in employee fraud losses globally per year. In 2012 alone, it was calculated that US-based industries suffered approximately $40 billion in losses due to some form of insider threat. The damage caused by these forms of incidents is reported to be greater than any other form of cybercrime, primarily due to an insider threat’s various forms. An unlike deliberate outsider attacks on an organization’s data-web, insider cyberattacks are often under-reported. Only a few cases are revealed to the public or are even known to insider threat experts, often due to insufficient damage or evidence to warrant prosecution, and concerns about tarnished reputations. The risk of revealing confidential data and business processes during investigations may be another reason why many companies don’t report and prosecute insider threat incidents.
innerView recognizes each step in a such an insider threat and includes multiple functionalities to address them all.
The innerView Solution:
innerView protects your organization against insider threat by monitoring file and user activity across multiple channels and alerting administrators to abnormal or risky behavior on your endpoints. Our team has researched hundreds of real world insider threat incidents in order to produce a robust feature set geared toward protecting your organization’s employees, data and resources.
For example, innerView can:
- Identify usual levels of file transfers of files over a given period of time
- Alert you when sensitive data is being moved to cloud storage such as Dropbox
- Monitor files exported from your SAP system
- Alert you of sensitive documents printed, even if they are printed offsite or from a non-company printer
- Send alerts on risky keywords such as violent or sexual terms, current M&A names, administrator passwords being used by non-admins, or company-specific terms
- Identify files moved to external media with the option of automatic encryption
- Monitor files accessed, modified, or deleted from directories containing sensitive data
- Alert administrators when a user logs into a web-based application using credentials that do not match their own
By focusing on your network’s endpoint (both a design and philosophy unique to our solution) and maintaining the broadest possible spectrum of monitoring, innerView has your data security covered in the most comprehensive way available.
Let innerView’s innovative security features truly work for you, not only providing the comprehensive internal monitoring solutions to successfully locate preexisting compliance breaches, but also in educating you and your team how to properly move forward in combating the insider threat.