Every organisation is vulnerable to insider abuse, errors and malicious attacks, any of which can damage its reputation, expose data, deliver valuable intellectual property into competitors’ hands and much more.
Insider threats are not always intentional – untrained staff can pose just as much of a threat as a malicious attacker.
Organisations need to be aware of this increasing threat and take appropriate measures to defend themselves.
How to prevent an insider attack
The 2016 Insider Threat Report highlighted the current state of insider threats, as well as organisations’ top concerns in this area.
74% of organisations said they feel vulnerable to insider threats, and only 42% feel they have the appropriate controls in place to prevent an insider attack.
Alan Calder, founder and executive chairman of IT Governance, says: “Insider threat is a big part of the information security challenge that organisations face. In most cases, mistakes will be made unintentionally, but the underlying message is that in order to prevent these from happening, companies must educate staff, enforce effective policies and procedures, and manage access control.
“ISO 27001 should be the default standard that organisations turn to when addressing insider threat and other issues, and adopting an integrated approach to people, process and technology.”
Benefits of implementing ISO 27001
By implementing controls from the international standard, ISO 27001, and an information security management system (ISMS), your organisation will reap a wealth of benefits, including:
- Protecting and enhancing its reputation;
- Avoiding the financial penalties and losses associated with data breaches; and
- Complying with business, legal, contractual and regulatory requirements.
Build a defence programme against insider threats
October’s book of the month is the most in-depth guide on the market and the ideal resource for anyone looking to learn how a security culture based on international best practice can help mitigate the insider threat.
Insider Threat – A guide to understanding, detecting, and defending against the enemy from within looks beyond perimeter protection tools and details how to build a defence programme using security controls from the international standards ISO 27001 and ISO 27002, and NIST SP 800-53.