Only a Quarter of Insider Threats Are Hostile

Only about a quarter (25%) of insider threats are hostile, new research has revealed, with the remaining 75% due to accidental or negligent activity.

NTT Security’s 2017 Global Threat Intelligence Center (GTIC) Quarterly Threat Intelligence Report for the third quarter, based on analysis of data from across the company’s global client base, shows that employees often put an organization at risk without even knowing it—about 30% of the time, as a matter of fact.

Accidental insider threats can take on a variety of forms: Accidental disclosure (e.g., unsecured databases, default internet-facing username and password logins); improper or accidental disposal of physical records (e.g., disposal of paper without shredding, losing sensitive documents, documents or equipment being stolen, etc.); or accidental damage (e.g., accidental misconfiguration or command which results in loss of data or connectivity, like a network engineer who accidentally reverses the parameters in a command line and copies an old backup over the production system, instead of copying the production database to a backup).

Statistically, miscellaneous errors account for around 30% of all accidental behaviors. These include publishing errors, disposal errors or the inadvertent delivery of information to the wrong person (email autofills can often be to blame for this).

“Whether it’s an accidental insider threat, where an employee sends sensitive documents to a competitor‘s email or a negligent insider threat, where an employee downloads unauthorized software and spreads a virus through the company, organizations must have a cybersecurity plan in place to minimize these risks,” said Steven Bullitt, vice president of Threat Intelligence & Incident Response, GTIC, NTT Security.

The report also documented that in instances when organizations do not have a proactive cybersecurity plan in place, the consequences can be devastating. In fact, NTT Security has seen damages due to insider breaches reach more than $30 million. Even in organizations that have well-defined incident response plans, they often don’t provide adequate remediation provisions for insider breaches, leaving the organization less prepared to react quickly.

Overall, the report uncovered a notable increase in the number of security events in general during Q3, up 24% from the second quarter. Phishing campaigns and malware infections both increased by more than 40% from the quarter before.

In terms of targets, the finance industry had the most detections for malicious activity, representing a whopping 25% of all cyberattacks. Rounding out the top five targeted industries were: manufacturing at 21%, business services at 16%, health care at 13% and technology at 12%.

What’s Hot on Infosecurity Magazine?