Infographic - The Insider Threat Landscape
-
Upload
elizabeth-gladen -
Category
Technology
-
view
84 -
download
0
Transcript of Infographic - The Insider Threat Landscape
+44 (0)203 823 9030 @CyberseerNet
Sources:
W:T:
Cyberseer is a managed security service and solutions provider with a comprehensive suite of smart technology and threat intelligence service. We work with clients to develop flexible and dependable cyber security solutions that support enterprises across the UK.
Publicised insider data theft incidents, such as the Morgan Stanley breach or Edward Snowden case, highlight the growing need for better security practices and solutions to reduce the risks posed by insider threats.
such as managers with access to sensitive information, pose the biggest insider threat to organisations.
plugging in an infected device or known device into a corporate network has increased risk of corporate data being stolen.
Outsourcing, third-party technologies and cloud computing increase the attack surface.
Attackers know the best way to infiltrate an organisation is through its trusted insiders. Employees with a high degree of access to the corporate network can be identified using social media.
56% endpoints
DatabasesFile Servers
Mobile DevicesEndpoints
Business ApplicationsNetwork
Cloud Application
52% sensitive financial data
57% customer data
54% intellectual property
46% company data
45% employee data
30% sales &marketing data
20% healthcare data
Intentionally harms the organisation, by stealing
data, commerical secrets and intellectual
property.
Unwitting employees enable external attack.
Not deliberately malicious, but actions result in
damaging consequences.
35% files servers22% cloud applications22% databases22% business applications
IT Pro’s were asked ‘What IT assets are most vulnerable to insider attacks?’
IT Pro’s were asked ‘What types of data are most vulnerable to insider attacks?’
IT Pro’s were asked ‘What IT assets are most commonly used to launch insider attacks from??’
43% network
42% mobile devices
Increased Costs Increased Fines
Lawsuits
Impacted Revenues
Reputational Damage (from customer & market perspective)
Compromised Shareholder Confidence
When determining insider threat activity is a lack of contextual information from security tools.
Monitor Detect
AnalyseEradicateThreat X
www.cyberseer.net
www.infosecbuddy.com/wp-content/uploads/2015/06/Insider-Threat-Report-2015.pdf; http://www.prnewswire.com/news-releases/ponemon-institutes-2015-global-cost-of-data-breach-study-reveals-average-cost-of-data-breach-reaches-record-levels-300089057.html; http://www.infosecbuddy.com/wp-content/uploads/2015/06/Insider-Threat-Report-2015.pdfhttp://www.cbronline.com/news/cybersecurity/data/insider-threat-20-of-office-workers-would-sell-corporate-passwords-to-third-parties-4844299?
INSIDER THREATLANDSCAPE
256DAYS
What are they? Why are Insider Threatson the Rise?
Top Types of Insider Threat: IT Assets at Risk:
Data Most Vulnerableto Insider Attacks:
Launch Points forInsider Attack:
Privileged Users
Third Party Associates & Contractors
Regular Employees
BYOD
Open Networks
Social Engineering
62% of security pro’s sayinsider threats
have become more frequent in the last 12 months.
Regardless of motivation of the insider, business impacts are universal:
MaliciousCompromised
Negligent
57%55%
44%42%41%
36%31%
£01010001000010101001001010100101
+
???
Insider Threats are left undetected for: 20%
of office workers
would sell corporatepaswords to third parties.
££
£
£
Biggest Hurdle Take Action
Content AwareSecurity
Contact Us:
Discuss the threats affecting your network:
INSIDER THREATLANDSCAPE