Could the greatest security risk to companies be their own employees?

Could the greatest security risk to companies be their own employees? This question was brought into sharp focus by a 2016 study published by IBM on insider cybersecurity threats, which revealed that 60% of security incidents involved insiders. Contrary to what one might expect, companies are often most vulnerable from within. Data breaches initiated by malicious insiders were also the most costly, averaging USD 4.99 million. Furthermore, a recent report by Verizon found that while external threats typically compromise around 200 million records, incidents involving insider threat actors have resulted in the exposure of one billion records or more.

“I’m the guy who does his job. You must be the other guy.” Dignam — Mark Wahlberg

Herman Hollerith devised a system of punched cards to store information so effectively that the Hollerith machine was adopted for use in the 1890 U.S. Census. Since then, cybersecurity has become vital to the way people store and use data today. While external attacks—such as the NotPetya malware incident, which impacted organizations on a global scale—are widely discussed, far less attention is paid to the quieter (and often more awkward) reality: sometimes the biggest threat is already inside the building.

CREDITS

1. IBM (2021). Insider threats. [online] Ibm.com. Available at: https://www.ibm.com/think/topics/insider-threats.
2. The Council of Insurance Agents & Brokers. (n.d.). IBM: 60 Percent of Attacks Carried Out by Insiders. [online] Available at: https://www.ciab.com/resources/ibm-60-percent-attacks-carried-insiders/.
3. Morgan, S. (2016). Top 2016 Cybersecurity Reports Out From AT&T, Cisco, Dell, Google, IBM, McAfee, Symantec And Verizon. Forbes. [online] 9 May. Available at: https://www.forbes.com/sites/stevemorgan/2016/05/09/top-2016-cybersecurity-reports-out-from-att-cisco-dell-google-ibm-mcafee-symantec-and-verizon/?utm_source=chatgpt.com.