Request a Demo
Welcome to the Cygilant Blog

Internal vs. External Security Threats: Why Internal Is Worse Than You Expected (and What You Can Do About It)

Posted by Vijay Basani on Sep 3, 2015

Internal Security Threats

The drama of data security seems to feature outside threats as the most prominent. From Eastern European criminal gangs to nation-state actors to Anonymous, you’d think hackers were the number one cause of data loss. They’re not.

According to Forrester, the single biggest threat to digital security is internal, with almost 40% of breaches perpetrated from inside a company. Given the other statistics in this study, that should be no surprise. Only 42% of the North American and European workers surveyed had received security training and only 57% were familiar with any of their company’s security policies.


As long as this remains the case, hackers are always going to remain a distant second to your own employees. If you wish to (fairly) easily remove the biggest threat to your data, there are some (fairly) easy measures you can take. The key, of course, is not simply to write these down, but to make them part of your company culture. Institute and enforce the following and your safety will increase immediately:


  1. Create and distribute a security plan that addresses your vulnerabilities and contains instructions in the event of a breach.

  2. Enforce password discipline requiring password complexity, regular changes and login closeouts with each employee departure.

  3. Prioritize data access, establishing layers of access based on need, seniority and trustworthiness.

  4. Establish device discipline, instructing everyone from executives to freelancers on how to secure their phones, tablets, laptops and VPN connections.

  5. Emphasize security over speed and convenience, and make sure it comes from the top down, or it won’t be done.

These suggestions don’t mean that we advocate not trusting your co-workers—that would make work grim indeed. It certainly does not mean you should neglect security measures aimed at outside threats. But one mistake at the wrong time can compromise your whole company. It doesn’t have to be the actions of a malicious employee, only a busy one. Just make sure your emphasis on speed, convenience and efficiency doesn’t compromise you from the inside out, or else hire security experts to do the job for you.


Questions? Let's Talk


Top photo credit: everything possible/Shutterstock

Tags: Cyber Threat, IT Security, Managed Security Services, Internal Threat

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Popular Posts

Posts by Topic

See All