September 19, 2016
When security breaches make headlines, they tend to be about nefarious actors in another country or the catastrophic failure of technology. These kinds of stories are exciting to read and easier for the hacked company to admit to. But the reality is that no matter the size or the scope of a breach, usually it’s caused by an action, or failure, of someone inside the company.
The role that insiders play in the vulnerability of all sizes of corporations is massive and growing. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. IBM Security research also found that health care, manufacturing, and financial services are the top three industries under attack, due to their personal data, intellectual property and physical inventory, and massive financial assets, respectively. However, while industries and sectors differ substantially in the value and volume of their assets and in the technology infrastructures they have to manage and defend, what all businesses have in common is people — all of whom have the potential to be an insider threat.