Strong security not enough to battle insider threat
There’s nothing like a good heist or spy flick to get the heart pumping. And many times, that’s the scenario people think of when they think of insider threats. They envision a coworker dangling from the ceiling via black cables while accessing a secure computer, a la Tom Cruise in Mission Impossible.
Unfortunately for those who love drama and suspense, most insider threats are nothing like that. In fact, you could be one right now. Yes you.
A large portion of insider threats come from unwitting employees who are engaging in activities they simply don’t realize are risky. In fact, some experts claim that as many as 80 percent of insider threats are a result of employees that they would qualify as, “careless insiders.”
A great example of this comes courtesy of Michael Dent, the CISO of Fairfax County, Va., who shared the following anecdote in a recent CIO article:
“We had a vendor who took data from the county on a USB — very innocently — he thought he was doing some shortcuts and some help to the county, and he ended up exposing some county data for over two years on an unsecured file share from his company.”
But what causes employees to act in these risky ways?
In many instances, it comes down to convenience. It’s simply convenient for them to put data into their Google Drive and access it from home when they need it. But, in other cases, these activities are the result of IT departments forcing security procedures on their employees that make everyday activities feel clunky, awkward, cumbersome and unnatural.
It’s just human nature. We look for ease of use. We hunger for simplicity. Let’s not sugar-coat it…we’re all a little lazy. And by putting iron-fisted security policies and difficult authentication processes in place, IT departments are effectively driving their employees to circumnavigate the security solutions and find a more convenient way.
Forcing employees to login into a virtual desktop environment through a convoluted authentication solution to get access to their files is a surefire way to get them to store necessary files in an unsecured, personal cloud environment – or to get them to email their files to themselves.
And that’s when bad things happen.
As my associate, Piyush, discussed in a previous post, the average American has pretty terrible cyber hygiene. They reuse passwords. They use weak passwords. They even email themselves their passwords. Just one account getting compromised can lead to multiple personal (and even some professional) accounts or profiles being compromised. And if one of those accounts contains sensitive company data that they stored or sent to themselves, that data is now also compromised.
And the threat of “insider attacks” is greater than many enterprises realize. According to a recent SANS Institute study, about a third of organizations have experienced an insider attack that they’re aware of. And – according to that same study – almost 35 percent of the 772 respondents believe that the potential loss from an insider threat can exceed $1 million.
Insider threats are real, and they can be extremely expensive for enterprises today. Threats and attacks from “careless insiders” are just another reason why it’s essential that the security solutions and authentication processes that enterprises put in place are more than just strong. They need to be strong and simple.
By utilizing solutions that don’t hassle employees, but still protect sensitive data, accounts, profiles and files, companies can be sure that their information is secure and that their employees aren’t intentionally – or inadvertently – putting proprietary data at risk for the sake of convenience.
For additional information about strong authentication solutions that are also easy-to-use, go to www.authomate.com. To try out Authomate’s StrongPass solution – which combines strong security with a simple user experience – click HERE.