The person in the cubicle next to you could be your company’s biggest security threat.
The large-scale attacks we’re accustomed to seeing in the news — Yahoo, Equifax, WannaCry ransomware — are massive data breaches caused by cyber criminals, state-sponsored entities or hacktivists. They dominate the news cycle with splashy headlines that tell an all-too recognizable story: one of name-brand corporations vs. anonymous cyber villains.
We focus in outsider threats because they’re both terrifying and thrilling, and because they’re familiar. They often have a clear-cut storyline, one that we’ve seen before. But the hyper-focus on cyberattacks caused by outside parties can lead organizations to ignore a major cybersecurity threat: insiders already in the organization.
We’ve seen these threats before too: attacks of dramatic espionage from Snowden, Reality Winner and Gregory Chung — but insider threats aren’t always so obvious, and they pose a risk for organizations that don’t operate in the national security space. In fact, research suggests that insider threats account for anywhere from 60 to 75 percent of data breaches.
They’re dangerous for a number of reasons, including because of how much they vary: from rogue employees bent on personal gain or professional revenge to careless staffers without proper cybersecurity training, insider threats can come from almost anyone, making them a prime concern for businesses. Check out our full infographic to learn more about the motives and methods behind these types of threats.
Are you doing everything you can to prevent insider threats?
If you’re granting unnecessary internal permissions, lack an auditing system for high-risk people or sensitive data, or aren’t paying close attention to possible behavioral indicators of malicious activity, your organization is at risk. You’re more vulnerable than you think — assess your risk today to see what you can do to ward off threats that come from the inside.
Infographic sources:
U.S. Department of Homeland Security | 2018 Insider Threat Report | Digital Guardian | MetaCompliance | ITProPortal | IT Governance | Wired
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.