Ask any insurance underwriter who provide Cyber Insurance, “What is the primary cause of Cyber Claims”, and you will hear, “Human Error”.
Human error constitutes more than 50% of all cyber insurance claims.
I acknowledge that some of these “Human Errors” are not accidental. Some are malignant or malicious. I will address this further in another article.
Most of these breaches are caused by “Accidental or Benign activities”.
It is important to understand what accidental data misuse, or Benign activities look like, and to put in place a plan to detect and prevent unintentional insider threats, before they accidentally leak information outside the organisation.
Often, employees will not be taking the necessary steps to ensure that they are staying alert and protecting company assets. This could be caused by excessive workloads, external and internal distractions, stress, or many other factors. Notwithstanding, unattentive behaviour can cause employees to not catch the phishing email, click a suspect link, or connect to public Wi-Fi for sedative work activities.
Regular information updates, cultural inclusion, rewards based culture and a environment of security culture can assist in ensuring the employees stay on top of their activities and subsequent behaviour.
Violating company policies
Any time an employee steps outside of company policy, it increases risk. Whether on purpose or because they’ve forgotten or don’t fully understand the policy, this poses a threat to the organization. It’s true that malicious insiders may break policy, but it’s equally true that an employee with no malicious intent may break policy to simplify a task, or even without their knowledge.
Regular reviews of company policies are a given, but you cannot only rely on written policies to ensure prevention. You also need to have a proactive way of catching employees in the act of breaking policy, educating them on the mistake, encouraging a rewards culture for good behaviour, and preventing them from taking further action outside policy.
Different organisations are beholden to different laws, compliance mandates, and regulatory requirements. There are a number of frameworks across industries, and if some people in your organization do not fully understand how a certain framework applies to their work, they may make mistakes that expose you to risk.
It is vital to conduct regular training and education for all team members whose work requires them to fully understand and apply laws, mandates, or requirements that affect the organisation’s security.
Taking the easy way out
Cloud storage services, like Dropbox, can really help employees get their jobs done faster and more efficiently. It is a given that even star employees may store or transfer sensitive data using a personal cloud storage account, it opens up more opportunities to work. Then again, they can also quickly open your organization up to a whole new level of risk.
As a best practice, ensure employees understand which services are approved and which are not, how to properly secure their services, and what types of data must be stored where and how. This will decrease the odds of their accidentally sending highly confidential data to an unsecured location in the cloud, thus exposing you to risk.
From brightly lit computer screens to rogue flash drives – unsecured devices are a common cause of accidental insider threats. Each individual employee should be aware of the steps that they should take to ensure the devices they use are well-secured at all times. This includes everything from strong passwords to multi-factor authentication for all devices. One small instance of sloppy personal security can lead to a major insider attack.
How to decrease this threat
The biggest threat to an organization isn’t the outsider trying to get in, rather it’s the insider who already has the keys. And it certainly doesn’t have to be an insider that has it out for the company.
As the above examples illustrate, accidental misuse can be one of the most overlooked causes of insider threats today. Once valuable data has been leaked via inappropriate or accidental means, there are always criminals and groups with ulterior motives who will look for opportunities to use the data to their advantage. Insiders – both malicious and accidental – are uniquely able to access data in a variety of ways, and yet they are often forgotten about when organisations “lock down” their data.
Good visibility into an organisation’s vendors, partners, and employees, measured and continued education, alongside tools and technology, can ensure that both the malicious and accidental insider threats are thwarted in their tracks.