Indian organizations were the sixth most targeted by cybercriminals in the Asia-Pacific region in 2015.
Organizations in the country received an average of two attacks in a year, according to the 2016 Internet Security Threat Report by security firm Symantec Corp.
India, according to the report, ranks third globally and second in Asia-Pacific as a source of overall malicious activity. The report also pointed out that every sixth social media scam impacts an Indian.
Insider threat policing and accounting for privileged credentials are security issues organizations feel least-prepared to confront, according to a Forcepoint 2016 Global Threat Report. Insider threats refer to attacks that either originate or receive cooperation (willingly or unwillingly) from sources within an organization. Attackers are targeting insiders within organizations—or via business partners and third-party suppliers—and gaining access to networks by manipulating staff into disclosing their credentials. With these stolen credentials, criminals then move among networks, accessing and removing sensitive data, often going unnoticed until it’s too late, the Forcepoint report said.
Breaches caused by insider threats continue to climb, with “accidental insiders” the leading source of problems. Of firms surveyed by consulting firm Forrester that had experienced a breach in 2015, internal incidents were the leading cause, and more than 50% of those were due to inadvertent misuse or user error, known as the “accidental insider”.
The increasing popularity of conducting business from personal devices (known as bring your own device or BYOD) adds to the complexity of the insider threat, creating more avenues for hackers to gain a foothold without popping up on the security team’s radar.
According to a Ponemon Institute research, sponsored by Forcepoint, employees represent the biggest threat to company security largely because insider abuse can be difficult to detect. This fact was also borne out by the IBM X-Force Research’s 2016 Cyber Security Intelligence Index, which stated that “Your next attacker is likely to be someone you thought you could trust”.
The insider threat, however, is not just an “IT” issue, according to Forcepoint. It’s one that must also involve personnel. An effective insider threat programme incorporates technology controls with risk management plans and employee training on best practices.
Policies: Communicating policies on how technology should be used within the organization from appropriate devices to the handling of data and Internet use.
Processes: Applying appropriate segregation of duties and other checkpoints into processes.
Technology controls: Limiting access according to least privilege principles, based on each individual’s assigned role.
Risk management: Identifying and developing a risk management plan to give the highest areas of risk top priority.
Auditing and monitoring: Verifying that each of the key components is effective and meets the organizational needs.