Additional Insight into Quantifying Insider Risk
By Veriato - December 25, 2017
From an article by Veriato's CSO published on infosecurity-magazine.com:
Never before have there been so many platforms that let a growing number of people touch, manipulate, download, and share sensitive data.
But there’s a dark side to all that access: It exposes a company to malicious intent and theft of information worth thousands, sometimes millions, of dollars. More alarming is the fact that less than half (42 percent) of all organizations have the appropriate controls in place to prevent these attacks, according to the Insider Threat Spotlight Report.
Smaller organizations often have feebler security and less detection capability than larger organizations. Because more than half of the respondents work in organizations with workforces smaller than 5,000, this could skew some of the results of questions referring to detection and number of breaches, since smaller organizations often do not detect attacks until they are well under way.
It turns out that nearly 80 percent of employee fraud takes place in accounting, operations, sales, senior management, customer service, and purchasing. But it’s critical to establish a risk profile for everyone in the company, no matter which department. Take into account employees’ current roles, levels of privilege, and required access to proprietary information. Senior IT people and C-Suite executives obviously have more privilege and access than mid-level managers and clerical workers. And, of course, the higher the risk in a potential disaster, the greater the need to monitor an employee’s activities.
Prepare to update the risk profile of an individual. Organizations are dynamic, and employees regularly make lateral moves or get promoted. Someone who doesn’t touch sensitive information in one role may very well have access and new privileges in a different assignment.
Employees’ personal lives change constantly, too. A traumatic event, like a death in the family or divorce, psychological problems, or a shift in financial circumstances for the worse—any of these can cause behavioral changes in people. And they all may require re-evaluation of an individual’s level of risk.
To read the full article, click here.