The First Line of Defense in Cyber Security
Headlines continue to provide us with more information on large data breaches like Yahoo and Equifax, where cyber attackers gained access to personal information through gaps in security software. But a shocking number of data breaches have nothing at all to do with the level of an organization’s security. Instead, they have everything to do with the people inside the organizations.
Internal cyber incident.
Internal data breaches—breaches caused by employees inside an organization—account for 43% of all data breaches. About half of these are intentional, meaning they are caused purposefully by someone at the organization. But the other half are accidental, caused by neglect, uninformed employees, or simple human error. This number is even higher within the banking sector: IBM reports that in 2016, insiders were responsible for 53% of accidental attacks against financial services security clients.
End users are the key to a strong cyber defense posture.
Employees are an organization’s first and last line of defense, and well-meaning employees can cause data breaches that are just as disastrous as those caused by cyber attackers. Here are some of the more interesting and educational cases of internal data breaches of the past few years—some intentional and some accidental.
Examples of data breaches.
In 2016, Sage, a UK accountancy software group, experienced a data breach of personal details and bank account information for employees in as many as 300 companies. It was later disclosed that this was an internal breach conducted by a company employee, who used an internal login to access unauthorized information, including salaries and bank account information. The 32-year-old female employee was later arrested, and Sage experienced a drop in stock.
Also in 2016, Snapchat fell prey to a “whaling” attack. Reportedly, an attacker impersonating chief executive Evan Spiegel emailed an employee and tricked them into sending the information of around 700 employees. The employees’ names, social security numbers, and wage data were compromised. This case exemplifies how the user is the first and last line of defense, and how treating security casually can have massive repercussions.
HOLLAND MANOR ELDERCARE
Smaller businesses and organizations are not safe from internal threats. Holland Manor Eldercare, an assisted living facility in Towson, Maryland, experienced a similar breach when facility manager Salah Eldean Sood used the names and Social Security numbers of three residents of the facility to apply for six credit cards. Sood made over $75,000 in purchases combined using those credit card accounts, and faced up to 30 years in prison. This type of breach could only have been prevented with robust internal security protocols.
Sometimes intentional internal breaches are motivated by greed. But other times, they are motivated by revenge. In 2012, Ricky Joe Mitchell, a network engineer at West Virginia’s energy company EnerVest, learned he was to be terminated. In response, he sabotaged EnerVest, disrupting the company’s business for the next month. Mitchell set all of the company’s servers to their original settings, as well as disabling some company equipment and other processes. Mitchell was sentenced to four years in federal prison for his actions.
Insider threats are growing.
Internal data breaches are an increasing security threat, and one that organizations are finding difficult to address. One of the key findings of Verizon’s 2017 DBIR is that people continue to rely on how things have always been done. One of Verizon’s main solutions relies on the human element of security: “make people your first line of defense.” Companies that want to protect themselves from internal threats need to find a solution that is both convenient for employees and secure for the company. Read more about protecting your organization from insider threats.
Automated authentication with a security token.
This is where GateKeeper comes in. The GateKeeper solution helps protect organizations as well as individuals from unintentional breaches of personal information. It’s a security measure that’s based on your physical presence, adding a new layer of protection between a user and their computer.
Here’s how it works: A wireless key, kept with the user, acts as an encrypted authenticator. The token automatically locks and unlocks your computer based on your proximity. Just walk away to lock your computer with military grade encryption algorithms, and walk back to unlock it. No credentials are ever transmitted over the air, making the process even more secure.
In conclusion, if the increasing threats of internal data breaches scare you, or if you think your organization or the people around you could benefit from an additional layer of encryption protecting their computer files and personal information, get in touch. And as the holiday season rolls around, consider GateKeeper as a present. Defend your organization or yourself.