The Lethal Risk of Insider Threats
The risk of insider threats is one of the biggest threats for companies. Usually, the companies figured out about the insider threats when the damage has been done and too late for prevention, since they tend to focus on the external threats instead of the internal ones. The Infosec Buddy, an information security resource, conducted a survey entitled the 2015 Insider Threat Spotlight. According to the survey, there are only less than half of respondent companies which already armed themselves with decent tools to counter the insider threats. Unfortunately, 62% of security professionals stated that the average company faces four insider attacks per year, costing US$500,000 for each incident, and priceless cost for company’s reputation.
Raj Ananthanpillai, CEO of InfoZen, stated that conventional one-time background check on the new hires is not enough. Companies should be aware whether the employee risk will not be constant over time, there are triggering factors such as bankruptcy, personal issues, negative performance review, and many factors that can change the personality of an employee. Besides, insider threats can come both from employees and third-party contractors, vendors, and partners. Referring to the recent Accenture survey, there are 76% of respondent companies who think that supply chain risk management is crucial. Companies need the comprehensive tools for managing personnel risk over time since people and their motivations are fluctuating.
The risk of insider threats can be reduced by collecting employees’ personal data such as criminal and financial records, network activity and personnel reviews. Companies should constantly monitor their personnel risk before and after they are joined in. By using the continues identity screening software, companies will be able to automatically gathers and analyzes risk data from all information sources, if there is a potential threat, the software can warn the risk and security managers.