All organisations are vulnerable to insider abuse, errors and malicious attacks. These insider threats run the risk of:
- Damaging reputation;
- Affecting operations and profitability;
- Exposing data; and
- Delivering valuable intellectual property into competitors’ hands.
Insiders can be current or former employees, contractors, or other business partners who have been granted authorised access to networks, systems or data. All of them can bypass security measures through legitimate means.
New report exposes major problem with employees snooping on the corporate network
According to a global survey of 900+ IT security professionals by One Identity, 92% of respondents said they have caught their employees attempting to access information that is not necessary for their day-to-day work.
Alarmingly, almost one in four (23%) respondents admitted this behaviour occurs frequently in their organisation.
More than one in three (64%) respondents have accessed sensitive information about their company’s performance, with executives and those in smaller organisations being more likely to do so.
This survey exposes a major snooping problem that needs to be addressed by organisations’ defence programmes.
Build a defence programme against insider threats
Alan Calder, founder and executive chairman of IT Governance, says: “Insider threat is a big part of the information security challenge that organisations face. In most cases, mistakes will be made unintentionally, but the underlying message is that in order to prevent these from happening, companies must educate staff, enforce effective policies and procedures, and manage access control.
“ISO 27001 should be the default standard that organisations turn to when addressing insider threat and other issues, and adopting an integrated approach to people, process and technology.”
Download our free green paper Information Security & ISO 27001: An introduction for more information on ISO 27001.