Mimecast has released the results of a new survey which finds that 90 percent of organizations believe that malicious insiders are a major threat to the organizations’ security. However, 45 percent say that they are ill-equipped to cope with the threat.
By concentrating predominately on perimeter defense / defence and outside threats, organizations around the world struggle with the risk that comes from their own people, emphasizing the need for organizations to implement employee awareness and education as well as creating a cyber resilience strategy that includes both technology- and human-based defenses.
Other highlights of Mimecast’s research include:
- Over half (53 percent) of IT security decision makers view malicious insiders as a moderate or high threat to their organization.
- One in seven IT security decision makers view malicious insiders as their number one threat.
- Those who say they’re very equipped on cybersecurity feel virtually just as vulnerable to insider threats as those who believe they aren’t equipped at all (16 percent vs. 17 percent), indicating that the risk of malicious insiders trumps perceptions of security confidence.
Mimecast tips for safeguarding against malicious insiders
1. Assign role-based permissions to administrators to better control access to key systems and limit the ability of a malicious insider to act.
2. Implement internal safeguards and data exfiltration control to detect and mitigate the risk of malicious insiders when they do strike, to cut off their ability to send confidential data outside the network.
3. Offer creative employee security training programs that deter potential malicious insiders in the first place and help others to spot the signs so they can report inappropriate activity to their managers. Then, back that up with effective processes to police and act swiftly in the event of an attack.
4. Nurture a culture of communication within teams to help employees watch out for each other and step in when someone seems like they’ve become disenchanted or are at risk of turning against the company.
5. Train your organization’s leadership to communicate with employees to ensure open communication and awareness.