The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
While companies can spend millions on their IT security systems to prevent cyberattacks and other common security risks, they may be fighting a losing battle if their worst enemy already has the password and unrestricted access to their systems. While breaches and other security events from external causes are difficult to detect, tracking insider attacks might be an even bigger obstacle. A new report about insider threats in organizations brings to light the challenge of controlling for security risks that are due to malicious intentions or mistakes.
The majority of businesses in the U.S., Latin America and Europe said they did not have the means to fend off an insider threat, according to a survey by IT security firm SpectorSoft. Even worse, 59% of IT professionals said their employers did not have the ability to find threats that lurk within their company.
With the wealth of data – customer information, trade secrets and intellectual property – stored in top corporations and government agencies, insiders might hope to take advantage of their ease of access to valuable information.
Insider misuse accounted for 8% of all breaches in 2013, and some of the biggest security risks surrounding insider threats include privilege abuse and unapproved hardware, according to the 2014 Verizon Data Breach Investigations Report.
In June, telecom giant AT&T reported a breach that may have compromised the personal information of an undetermined number of customers and the motives behind the perpetrators of the breach were shocking, according to an analysis by eWeek. The employees working for a vendor for AT&T allegedly wanted to hack into locked phones sold by the company in order to sell them to willing buyers on the market.
“It makes one wonder what AT&T and other vendors are doing to detect and prevent data leakage,” Lucas Zaichkowsky, enterprise defense architect at AccessData, told eWeek.
Almost half of the respondents in the SpectorSoft survey said their top priority was detecting insider threats, as they focused on a security strategy that is centered on prevention.
Companies need to improve on restricting data access to personnel, handling data securely and ensuring safe email use.
“With so many data breaches happening, C-level executives are coming to the realization that their jobs could be on the line if company data isn’t protected,” Rob Williams, chief marketing officer at SpectorSoft, said in a statement. “Proper defense must include a comprehensive security solution, and with humans involved, education is just as key. The market is ripe for a new approach to internal security.”
Inside jobs aren’t just a concern for businesses, they’re also a concern for consumers. If an employee of a business with your personally identifying information (Social Security numbers, credit card data, etc.) sells that to identity thieves, you could be in danger of unauthorized charges and fraud. You should regularly monitor your bank accounts regularly for signs of fraud. Also, you may want to monitor your credit. Any unexpected, large change in your credit scores could signal identity theft, and you should pull your credit reports (you can get free copies once a year) to confirm. You can check your credit scores for free every month on Credit.com.
Image: iStock
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams