Counting the cost of insider crime

The recent high-profile coverage of data loss, such as the publication of classified army documents on the WikiLeaks site, has highlighted the issue of the insider threat once again.

And a survey conducted by the Ponemon Institute on behalf of ArcSight has found that insider crime is amongst the most costly cybercrimes a company or organisation can be subjected to. On average, the Ponemon survey found that insider crime took up to 42 days or more to resolve, with an average cost to an organisation of nearly $18,000 per day, or up to $750,000 or more for every incident.

Given that insiders know the organisation very well (its high-value assets, its vulnerabilities and, often, its defence), perhaps this should not be so surprising.

Whilst this latest breach occurred within a U.S. government organisation, it could just as easily have been a story about a UK business and a disgruntled employee engaging in intellectual property theft.  

So are companies and organisations doing enough to protect themselves from insider threats, and can they ever really be certain that their businesses are secure?

It appears many businesses still have some way to go. According to a recent survey conducted by PricewaterhouseCoopers (PWC), a staggering 63% of UK-based IT professionals said that their organisation did not have an accurate inventory of where sensitive data was stored.

Aside from the organisational challenges this presents, from a security perspective it is hard to ensure sensitive data is adequately protected if the organisation doesn’t know where it is held. Conversely, it is much easier for malicious insiders to steal and manipulate sensitive data and continue to do so over a sustained period of time.

UK organisations may think they have little to worry about from their employees. However, according to the PWC report, many companies face this issue, and often it is a disgruntled or greedy employee who is the perpetrator.

Even in organisations with a happy and harmonious workforce, employees can easily be targeted by criminals who want to use them to gain surreptitious entry into the organisation.

This can occur through identity theft, or by enticing employees to open a seemingly harmless document or link, which actually gives the cybercriminal a route into a company’s network, and enables them to initiate their crime, whether it be stealing identities, money, card details or intellectual property.

Social media is a perfect example where employees and individuals may now be putting themselves at risk. Through the likes of Facebook, Twitter and LinkedIn, employees with extended networks of friends and followers may click on seemingly innocuous links and open the floodgates, or even share sensitive information without meaning to do so.

It is impossible for any organisation to guard against every eventuality. And you may not wish to restrict your employees’ access to social networking sites or personal email accounts. So, knowing who is on your network and what they are doing there is becoming increasingly important.

The bottom line is that companies should expect breaches to occur and be prepared. It is crucial to understand where sensitive data is held and know what constitutes normal or legitimate behaviour within your organisation, if you are going to be able to track and find the anomalies quickly. 

Platforms that can monitor activity on company networks and identify, in real time, abnormal patterns that place the organisation at risk are fast becoming a company’s best defence against insider and outsider threats.