As the old saying goes, “keep your friends close, but your enemies closer.” And yet, in the world of data security, it is often your closest friends who can turn out to be your worst enemies.
The faceless outsider is often cast as the ultimate bad guy in the world of data security. He lurks in the darkest corners of the Internet, working in complex multinational networks to steal valuable data from the biggest companies. The figure of the lone hacker is repeatedly reinforced by the slant of media coverage on data breaches, which often spins these sensationalized images into headline-grabbing stories.
Insider attacks can take many forms. They include the unfortunate accidental loss of data through human error, or the more sinister deliberate misuse or theft of highly valuable sensitive information about customers, clients, or staff.
Insiders can be current employees who appear on the surface to be happy in their job but have become disillusioned and disgruntled. They can be ex-employees whose access has not been revoked. Insiders can also be temporary contractors who still have access to secure data. Moreover, insiders can come from any level of the company hierarchy.
A recent poll conducted by the Economist Intelligence Unit, a sister organisation of The Economist, unearthed startling evidence of the growing threat of insider breaches. Asking senior executives about their experience of fraud committed by insiders, the poll found that 70% of companies had suffered at least one instance of insider fraud, up from 61% in the previous survey.
Insider fraud can take many forms, from the most elaborate to the most petty: a survey of British employees for YouGov in 2010, for example, found that a quarter of staff eligible for expenses admitted to inflating claims. That is still fraud and it is still wrong.
Here are the three key takeaways to tackle the threat of insider attacks: