Malicious insiders research - Mimecast - 51% of UK firms ill-equipped to cope
August 2016 by Mimecast
Quarante-huitard Mimecast Limited revealing business concerns around the threat of malicious insiders.
UK-specific data points (based on 200 IT security manager respondents)
• 51% percent of IT security managers say they are ill-equipped to cope with malicious insiders
• 89% call malicious insiders a threat to the organizations’ security
• 85% feel their email security systems are inadequately equipped to handle cyber threats
• 45% view malicious insiders as a moderate or high threat to their organization
• 17% view malicious insiders as their number one threat
“Organisations of all sizes struggle with the risks that are posed by employees being targeted by adversaries to launch and execute attacks to gain access to data or funds” said Peter Bauer, CEO, Mimecast.
“Every day, we trust employees with sensitive information and powerful tools, but we don’t give them the effective security education and advanced cloud security solutions that goes hand-in-hand with those responsibilities. As a community we must work together to enact better business processes. This is in part why we launched the Cyber Resilience Coalition, bringing together leading security, data protection and business continuity vendors to help strengthen organisations’ total cyber resilience strategy.
“Another issue we can work together to control is rogue employees who use file-sharing or cloud storage services to steal valuable corporate data – also known as malicious insiders. IT managers have, for too long, not paid due attention to this threat. We must re-evaluate unrestricted access to these services and ensure that other protections are put in place quickly.”
Mimecast Tips for Safeguarding Against Malicious Insiders
1. Assign role-based permissions to administrators to better control access to key systems and limit the ability of a malicious insider to act
2. Implement internal safeguards and data exfiltration control to detect and mitigate the risk of malicious insiders when they do strike, to cut off their ability to send confidential data outside the network
3. Offer creative employee security training programs that deter potential malicious insiders in the first place and help others to spot the signs so they can report inappropriate activity to their managers. Then, back that up with effective processes to police and act swiftly in the event of an attack
4. Nurture a culture of communication within teams to help employees watch out for each other and step in when someone seems like they’ve become disenchanted or are at risk of turning against the company
5. Train your organisation’s leadership to communicate with employees to ensure open communication and awareness
This research data was extracted from a Mimecast survey of 600 IT security managers from organisations in the United States, United Kingdom, South Africa and Australia. The initial findings of that survey were released in February 2016.