Most Cyber Attacks are Inside Jobs

Recent research by IBM and others shows that at least 60% of cyber attacks are committed by insiders. Whether such attacks are intentional or not, this finding reveals that companies must thoroughly investigate and prevent both in-house and outside vulnerabilities; Spohn Security Solutions offers advice on how to protect against inside threats before hackers get a chance.

(Austin, TX) November 15, 2017—According to IBM Security research, 75% of insider cyber attacks involved malicious intent and 25% involved inadvertent actors. It was also found that the top three industries most under attack are healthcare, manufacturing and financial services, due to the large quantity of personal data, intellectual property and physical inventory available, as well as massive financial assets, respectively. (1)

The dark web market for PHI/ePHI record sets, stolen credit card and personally identifiable information (PII) is massive. ePHI record sets are selling for over $150.00, with some estimates claiming the total value of compromised records to be nearly $120 billion annually. While the value of different types of data varies, the fact remains that cyber criminals are reaping a financial bonanza when capturing sensitive information. (2)

One way that cyber criminals are now collecting sensitive data is by recruiting employees and turning them into malicious insider threats. A 2016 McAfee report specifically cited the healthcare industry as being plagued by such types of insider threat. (3) Experts estimate that 99% of computers are vulnerable to cyber-attacks. (4) “Companies must take proper precautions when it comes to detecting and preventing potential inside threats,” said Timothy Crosby, senior security consultant at Spohn Security Solutions. “Cybersecurity must include proper training so that mistakes are not made that leave a company’s information vulnerable to a hack. Extensive background checks, effective in-house training, and constant vigilance are all needed to protect a company’s assets.”

According to the Federal Insider Threat Report, approximately 50% of federal agencies were targeted by inside threats in 2015. Forty percent of such threats were unintentional, with the remainder being malicious, resulting in unauthorized access to sensitive documents. Most important, however, is that one in three of these inside attacks was successful. (5)

Breaches are sometimes made accidentally. According to a worldwide survey of Information Security Forum (ISF) members, the clear majority of network breaches were caused innocently through accidental or inadvertent behavior by insiders without any intention of harming their employers. In many cases, that vulnerability was, ironically, the result of a trusted employee doing a seemingly run-of-the-mill task, such as taking files home to work on in their spare time. (2)

Crosby points out additional measures that all companies should include as part of their cyber security precautions:

1) The ability to monitor sensitive data sources, and to implement an action plan when improperly managed data is identified.

2) Incident and breach response, as well as the ability to dynamically scale these capabilities as volumes fluctuate.

3) The ability to consolidate, triage, process and report on data usage violations.

Spohn Consulting, Inc., an Austin, Texas-based, privately held company established in 1998 by Darren L. Spohn, is an authority in navigating Fortune 500 companies and medium to small businesses through the security business challenges of the 21st century. Spohn Consulting works with organizations to assess their information security posture (the security status of an enterprise’s networks, information and systems based on identification and authorization resources, e.g., the people, hardware, software, policies and capabilities in place to manage the defense of the enterprise and to react as the situation changes), and offers customized instructor-led training and telecom services. Utilizing varied scopes of engagement, it delivers recommendations which can be measured against best practice or compliance standards. For more information on cyber security, visit https://spohnsolutions.com.

References:

1 Van Zadelhoff, Marc. “The Biggest Cybersecurity Threats Are Inside Your Company.” Harvard Business Review, 19 September 2016. https://hbr.org/2016/09/the-biggest-cybersecurity-threats-are-inside-your-company

2 Durbin, Steve. “Insiders Are Today’s Biggest Security Threat.” Recode, 24 May 2016. https://www.recode.net/2016/5/24/11756584/cyber-attack-data-breach-insider-threat-steve-durbin

3 Beek, Christiaan, McFarland, Charles, Samani, Raj. Health Warning Report: Cyberattacks are targeting the health care industry. McAfee Labs. https://www.mcafee.com/us/resources/reports/rp-health-warning.pdf

4 Kupplinger, Cole. “Big Data Security Analytics: A Weapon Against Cyber Security Attacks? [Video].” BI Survey, BARC, 5 May 2017. https://bi-survey.com/big-data-security-analytics

5 Cornell, Cody. “Cyber Attacks Are, Most Likely, an Inside Job.” Swimlane, 13 Nov. 2015. https://swimlane.com/cyber-attacks-are-most-likely-an-inside-job

6 Moyer, Liz. “Inside job? Equifax investigators looking into possible insider or nation-state help, report says.” CNBC. 29 September 2017. https://www.cnbc.com/2017/09/29/equifax-investigators-looking-into-possible-insider-help-bloomberg-says.html
