Forget Hackers — the Biggest Threat to Company Security Is You
WHY YOU SHOULD CARE
Because the promise of a connected world comes to naught if data can’t be kept safe.
By Steven Butler
As a strain of ransomware hit computer networks in more than 150 countries on Friday — from the U.K.’s National Health Service to Russia’s Interior Ministry — and with many more targets feared today as employees return to work, it’s clear that our digital infrastructure is far from secure. Most of this malicious software, which encrypts files and holds them for ransom until a bitcoin payment is made, is installed on machines by users opening an unknown attachment or link. And as this OZY article, originally published on Jan. 19, 2016, explains, employees can be a threat to their employers’ digital security in many more ways …
If you live in a high-crime neighborhood, you keep your windows locked, open the door only for people you know and turn on the alarm if you leave. Common sense. But these days, executives — from banks to film studios and government agencies — are beginning to understand that we all live in high-crime neighborhoods … that is, when it comes to critical corporate data stored on computers. But burglars in ski masks aren’t the problem here.
93 percent of corporate-security execs fingered human behavior as the biggest threat.
That’s according to a survey released by the Virginia-based security-intelligence company Nuix. “Insider threat, relatively speaking, is a new player to the game,” says Keith Lowry, senior vice president at Nuix. Awareness is growing as criminals, even foreign governments, get increasingly adept at tricking insiders into opening the door by revealing their passwords. With bots continuously trolling the Internet, a window inadvertently left open will eventually be found. Online collaboration has also changed the game. “The perimeter has all but disappeared,” says Guy Bunker, senior vice president at cybersecurity company Clearswift.
Lowry worries about what he calls an increased cultural acceptance of data theft. Indeed, in a survey, Clearswift found that about a third of employees admitted they had a price: 35 percent said they could be bought for $77,500; 25 percent for less than $8,000; and 3 percent for as little as $155, risking job loss and jail time for a relative pittance. Of course, corporate data is sometimes worth millions of dollars. Clearswift also found that 92 percent of companies surveyed had experienced a data breach in the last 12 months, 74 percent from insiders, and a third of those were a result of “malicious intent.”
Why do people do it? The motivations include jealousy, not getting a raise and politics, Lowry says. Some employees steal data when they leave a company. The thinking used to be that all you had to do was teach best practices, like keeping passwords secure or installing the latest software patch. But in the past year, instilling “fear” has become more and more the weapon of choice for getting employees to toe the line, according to Nuix.
As in threatening to fire people. And while the threat of stolen data can seem pretty abstract, the threat of job loss tends to feel pretty concrete.
This story was originally published on Jan. 19, 2016.