I retweeted this article on Friday but I wanted to follow it up with a longer post because it continues to highlight two critical factors – policy and training. Both of these have been the subject of previous posts so let’s look at some numbers as pulled from the article.
- More than half (55%) of cyber security incidents were from Insider Threats – both malicious insiders and inadvertent actors (otherwise known to us as untrained and unaware employees). From the IBM 2015 Cyber Security Intelligence Index.
- 1 in 7 employees would sell their password for $150. From the Sailpoint Survey.
- Over half of employees don’t believe taking corporate information with them when they leave an organization is a crime. From the Symantec Survey via Dark Reading.
The Insider Threat is real. And the data supports that employees are not educated on security tenants and what is intellectual property.
These are huge figures and convey a general lack of awareness by employees about identifying and reporting suspicious activity internal and external to the organization, and understanding the basic tenants of security.
What are some solutions?
- Make security a priority.
- Establish security policies and processes.
- Implement a security training plan.
- Increase your security awareness.
Your company may invest a lot of money on network security solutions, and while they are important to developing a layered approach to security, they can be undermined by one careless employee who clicked on a suspicious email, or one employee struggling to make the rent payment and sold their password, or one employee looking to take advantage of work he did for you on the outside.
How are you protecting your business? We can help.