The incidents that typically fly under the
media radar are insider events. We found
that 28% of respondents pointed the
finger at insiders, which includes trusted
parties such as current and former
employees, service providers, and
contractors. Almost one-third (32%) say
insider crimes are more costly or
damaging than incidents perpetrated by
outsiders. The larger the business, the
more likely it is to consider insiders a
threat; larger businesses also are more
likely to recognize that insider incidents
can be more costly and damaging.
Despite this, however, only 49% of all
respondents have a plan for responding
to insider threats.
Many insider incidents result from
employee vulnerabilities such as social
engineering and loss of devices—risks
that could very well be mitigated by
employee training. Organizations can
also prevent insider incidents by
monitoring employees for certain
negative behaviors. For instance,
respondents said that insiders who had
perpetrated cybercrimes most often
displayed behaviors such as violation of
IT policies, disruptive behavior, and poor
performance reviews. They also said
most insider incidents are conducted for
financial gain. (Figure 2.)
The incidents that typically fly under themedia radar are insider events. We foundthat 28% of respondents pointed thefinger at insiders, which includes trustedparties such as current and formeremployees, service providers, andcontractors. Almost one-third (32%) sayinsider crimes are more costly ordamaging than incidents perpetrated byoutsiders. The larger the business, themore likely it is to consider insiders athreat; larger businesses also are morelikely to recognize that insider incidentscan be more costly and damaging.Despite this, however, only 49% of allrespondents have a plan for respondingto insider threats.Many insider incidents result fromemployee vulnerabilities such as socialengineering and loss of devices—risksthat could very well be mitigated byemployee training. Organizations canalso prevent insider incidents bymonitoring employees for certainnegative behaviors. For instance,respondents said that insiders who hadperpetrated cybercrimes most oftendisplayed behaviors such as violation ofIT policies, disruptive behavior, and poorperformance reviews. They also saidmost insider incidents are conducted forfinancial gain. (Figure 2.)
การแปล กรุณารอสักครู่..