Why Employee Training Matters: Negligent Users Are Top Insider Threat

Access as a Foundation: Access to clients, suppliers, services, and data is fundamental to any successful firm.
Prioritizing Access Control: Controlling who has access to pivotal places and data is a top business priority.
Varying Access Levels: The level of access granted to employees should depend on their seniority and involvement in specific processes.
Insider Threat as a Major Risk: In 2016, the insider threat was widely perceived as one of the main security risks companies faced.
High Cost of Security Breaches: Security breaches are tremendously expensive, requiring significant time, resources, and money for mitigation.
Top Concerns: Companies are deeply concerned about potential sources of data breaches, with insider threats being among the biggest worries.

Vulnerability: $74\%$ of companies admitted feeling vulnerable to insider threats.
Preparedness Gap: Only $42\%$ (less than half) believed they had appropriate security countermeasures in place.
Most Serious Insider Threats:
- Inadvertent data breaches: Topped the list, cited by $71\%$ of firms.
- Negligent data breaches: A concern for $68\%$ of firms.

Users with Privileged Access: Identified as the most important source for $60\%$ of companies (e.g., managers).
Regular Employees: Over $50\%$ of companies also expressed worry about regular employees.

Origin: Insider threats originate from an organization's insiders.
Who is an "Insider"? Current or past employees, business partners, contractors, board members, officers, or third-party service providers.
Mechanism: These individuals are granted legitimate access privileges and then use them to compromise the confidentiality, integrity, or availability of the organization's data.

Insider threats are generally categorized into three broad types:

Intentional:
- Nature: Deliberately perpetrated by individuals.
- Motivation: Usually seek personal gain or commit espionage.
Compromised:
- Nature: Occurs when a hacker exploits an authorized insider's accidental activities.
- Outcome: Used to launch a malware attack or gain unauthorized access to the organization's networks, systems, and data.
Accidental:
- Nature: Occur when people inadvertently expose sensitive data.
- Examples: Includes exposing credentials, often within the context of their work.

Surprising Findings: Accidental insider threats are, perhaps surprisingly, the most common cause of cybersecurity breaches.
Ponemon Institute's 2016 Cost of Data Breach Study: Out of $874$ security breaches reported by companies:
- $85$ were caused by outsiders exploiting stolen credentials.
- $191$ were due to malicious employees and cybercriminals.
- An astonishing $568$ were attributed to negligent employees or contractors.

Risk Area: Employees with privileged access rights to designated facilities and laboratories.
Source of Incidents: Carelessness in how these rights are used often leads to security incidents.

Necessity: It is vital to educate employees about incorporating basic security practices into their daily routines.
Goal: To reduce the risk of breaches as much as possible.
Beyond Access Control: Simply limiting user access and the number of privileged users to only those absolutely essential is insufficient.
Understanding the Role: Those who do have physical or cyber access must understand their role and the potential effects of their negligence.

A combination of strategies can significantly reduce carelessness among employees and lower breach risks:
- Periodic training: Regular educational sessions.
- Test runs: Practicing security protocols.
- Clearly delineated cybersecurity standards: Establishing explicit guidelines as part of the corporate culture.