Employees are the lifeblood of any organization, but they can also be one of the biggest risks to business continuity. Insider threats lurk around every corner, and no company is immune to these attacks. When security professionals think about insider threats, they typically think of loyal employees who quickly become malicious insiders, poised to do damage to the company or customers through fraud, data loss, or intentional disruption of business process.
It is true that disgruntled employees are the source of many insider threats, but even happy employees are subject to credential compromises through brute force, phishing, or other types of attacks. With more and more business systems moving to the public cloud, typical network-based defenses now provide little or no protection against attacks. All a bad actor needs is a compromised credential with privileges to get into a system and cause irreparable harm.
Insiders are in a position of trust, and their elevated permissions provide an opportunity to cause serious harm to critical business applications and processes. When employees become disgruntled, they may have elevated access across multiple business systems, which allows them to affect multiple departments and business processes. When bad actors get ahold of these privileged credentials, they can move laterally and traverse across business departments to enact greater harm. This growing risk surface is proving to be a massive vulnerability for enterprises, which are usually the victim of these insider threats.
According to Forrester, attacks emanating from malicious insider activity are growing rapidly. In 2015, malicious insiders accounted for only 26% of internal data breaches, but ..
Support the originator by clicking the read the rest link below.
