According to former chief of the Justice Department's Computer Crime and Intellectual Property Section, Mike Dubose, more than two-thirds of all cyber cases involve company insiders, not outside hackers. Of note is that he feels there is probably under-reporting because many internal breaches are not made public.
"...organizations with good insider threat and data protection programs will be around in 10 years, and those that don't - won't."Dubose says companies need to become more sophisticated about monitoring their networks for unusual and suspicious user patterns. He recommends instituting centralized, system-wide logs of data access and transference that are easily accessible once a breach has been discovered.
- FBI Chief Information Security Officer Patrick Reidy
Savvy organizations are utilizing big data analytics SaaS, on data they already have, to reveal insider patterns indicative of data breaches or fraudulent activity.
Download a white paper on detecting suspicious user activity patterns. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Insider Threats Aren't Hackers-They're Employees - Bit Defender, 03/12/2013