Insider Risks

By   ISBuzz Team
Writer , Information Security Buzz | Jul 20, 2018 11:12 am PST

WhatsApp Messenger, Facebook Messenger, and Waze topped the list as the riskiest apps most often found in the enterprise according to the latest report by Appthority. Employees using those apps may pose an even great threat.

Chris Olson, CEO at The Media Trust:

chris olson“The Appthority report underscores the risks that insider threats can pose to a company. While data breaches that grab headlines are often perpetrated by external threats, at least half of all security breaches are carried out by insiders–from malicious insiders, to negligent employees, to third parties. What’s more, insider threats are harder to detect or prevent on the one hand and can exact the most damage on the other. Insider threats require a holistic approach that combines heightened cybersecurity awareness with better controls. Companies should conduct a more thorough internal segmentation of who can have access to what information and apps, provide more effective employee awareness training, carefully vet employees, and closely watch their third parties. This last point is crucial because third parties are popular targets of malicious actors. As companies face a growing number of regulations that exact heavy penalties for the unauthorized collection and sharing of consumer data, they will need to address the ever present threat of data breaches from within.”

Ben Herzberg, Director of Threat Research at Imperva:

ben herzberg“Regardless of minor percentage changes in the incident reporting, this reinforces the notion that companies should not assume that their internal network is safe from threats. These can be due to bad practices or malicious activity, but the result may be the same (Loss of Intellectual Property and other secrets, sabotage and more). This is especially challenging when the “typical” network architecture is changing rapidly to include an increasing number of public cloud services.

I’m not sure if GDPR is the cause of the change in the statistics gathered, but with or without GDPR: it’s important for organizations to know exactly where they store their data, and be accountable for it.”