(c) Risk Management Monitor
March 20, 2015 by Hilary Tuttle
http://www.riskmanagementmonitor.com/insider-threats-missing-from-most-cybersecurity-plans/
When it comes to damaging cyberattacks, a horror movie cliche may offer a valuable warning: the call is coming from inside the building.
According to PwC’s 2014 U.S. State of Cybercrime Survey, almost a third of respondents said insider crimes are more costly or damaging than those committed by external adversaries, yet overall, only 49% have implemented a plan to deal with internal threats. Development of a formal insider risk-management strategy seems overdue, as 28% of survey respondents detected insider incidents in the past year.
In the recent report “Managing Insider Threats,” PwC found the most common motives and impacts of insider cybercrimes are:
These threats can come from a variety of sources, from employees to trusted business partners who are given extensive access. Even after the costly lesson from the Target breach about the risk of contractors with system access, only 44% of respondents in PwC’s survey have a process for evaluating third parties before engaging in business operations with them, and just 31% include security provisions in contract negotiations.
To fortify against the risk, the firm recommends that organizations use a phased approach to build an insider threat management program over time. This should be formed with an eye to compliance with the National Institute of Standards and Technology (NIST) framework, which highlights the key functions: Identify, Protect, Detect, Respond, and Recover. To explain how and when to tackle these, the report explains:…For the complete article see: http://www.riskmanagementmonitor.com/insider-threats-missing-from-most-cybersecurity-plans/
InCyber Comments:
The InCyber PAS Pro-Active and Predicting System has been proven 100% effective against Insider Threats. For additional information write to: info@incyber.co . We are now offering a Free Insider Penetration Test for up to 500 Employees using your own historical data.