Organizational cybersecurity threats - external vs internal
Laura Dugan ’03
Cybersecurity is a complex and ever-changing field – as technology advances, so does the risk that it can be exploited in new ways. The majority of stories related to data breaches are the result of an outside entity obtaining access to protected information. Most companies are aware that systems need to be secured to prevent these types of attacks from happening. It’s also important that companies examine potential internal threats as they may pose just as much a threat, and in some cases more of a threat, than external ones.
Steps can be put into place to remediate risk from both internal and external threats (see previous blog post on Using Risk Assessments to Find Cybersecurity Vulnerabilities) and it’s important that both types of threats be evaluated regularly.
Digital Guardian blogwriters Nena Giandomenico and Juliana de Groot interviewed 47 data experts to ask them, “What's more of a threat to a company's data security: insiders or outsiders?”
Of the 47, the majority of responders indicated that insider threats were often the larger threat, in part because companies tend to focus more on implementing strategies to prevent outsider attacks.
The greatest risk with insider attacks is that they may not be intentional – simply a case of human error.
“Insiders, as they have access to sensitive information on a regular basis, and may know how that information is protected,” says Joseph Steinberg, cybersecurity expert and entrepreneur, in the blog post. “Insiders may also accidentally leak data or otherwise put it at risk – something that outsiders typically cannot do. Whether by attaching the wrong file to an email being sent, oversharing on social media, losing a laptop or USB drive, or through some other mistake, insiders can put an organization's data at risk with little effort.”
Often insider threats can lead to external threats. If staff are given access to data they don’t really need, the risk of someone inside the organization sharing that information with someone outside of the organization – even unintentionally – increases.
After an attack on JPMorgan Chase led to hackers obtaining information for 83 million households and small businesses, the company re-evaluated employee access.
“JPMorgan now limits so-called ‘high security access’ to bank employees who must submit to annual credit screenings and criminal background checks,” reported the New York Times. “The bank now also conducts a “routine review” to make sure that high security access is justified for a particular person.”
There is no easy answer as to which poses a bigger threat – internal or external cybersecurity risks. Often the answer is determined by the nature of the company, its employees, and what preventative methods have already been put into place.
“The best answer is for a company to conduct a threat assessment, ideally before launching any comprehensive new security initiatives,” says Andrew Whitmer, Research Analyst at SecureState, in the blog post. “That way they can be sure that their security program is properly prioritized such that it addresses the most significant or likely threats first.”