A former SunTrust employee used contact lists of 1.5 million customers from SunTrust's data to attempt to commit theft, compromising names, addresses, phone numbers and banking balances, according to a company announcement. In response to the breach, SunTrust will offer customers identity protection service Experian IDnotify for free.
ObserveIT defines insider threats as negligent employees or contractors, criminal or malicious insiders, or credential thieves, according to an ObserveIT report of 717 international IT and security professionals. The average cost for negligent employee incidents is about $280,000 while a thief who steals credentials can double the costs to nearly $650,000. But negligent employees account for 64% of incidents while malicious insiders, like Suntrust's, are responsible for only 23% of incidents.
It takes about two months to contain an insider security incident and could cost nearly $9 million over a 12-month period, according to ObserveIT. Costs mount from lost business, damaged IT assets, remediation expenses and indirect costs in the form of time and manpower spent on the incident.
The old-school approach to cybersecurity was designed as the moat protecting a castle. However, just protecting the outside perimeter is not nearly enough to prevent a cyberattack or breach, especially when the threat is coming from inside the castle.
Insider threats are on the rise, highlighting the importance of properly educating an organization's workforce. Even though negligence is the most prevalent form of insider threats, it may be slightly less alarming than an employee working in an intentionally destructive manner.
Trusting employees is crucial in protecting a business's reputation and customers, and where training efforts fall short, appropriate monitoring tools should be considered.
Hijacked credentials are one of the most common ways malicious actors maneuver themselves through a system, especially credentials with privileged access. But threats also arise in file-sharing or cloud-based services. Unrestricted access to these allow malicious actors to roam freely around company data.