Vulnerabilities / Threats

8/17/2016
04:00 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

8 Surprising Statistics About Insider Threats

Insider theft and negligence is real--and so are the practices that amplify the risks.
Previous
1 of 9
Next

Image Source: Adobe Stock

Image Source: Adobe Stock

Even though insider threat events are typically much more infrequent than external attacks, they usually pose a much higher severity of risk for organizations when they do happen. Whether malicious or simply negligent, insiders need access to sensitive intellectual property and systems to do their jobs. As a result, when they break policy accidentally or choose to steal, their actions stand to do a tremendous amount of damage to a business. Here's how recent surveys and statistics measure perceptions about the risk posed by insider threats, along with some of the common shortfalls in IT security that unnecessarily expose organizations to higher insider risks.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DLJ@HPE
50%
50%
[email protected],
User Rank: Author
8/26/2016 | 12:55:18 PM
A simple step to reduce the threat
Insider threats are much harder to detect and potentially much more damaging financially and reputationally than an external attack. Secure content management, which employs technology assisted capabilties to constantly scan, analyze and act to reduce the risk needs to be an essential part of every organizations data protection strategy.
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-2486
PUBLISHED: 2018-12-11
SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2018-2492
PUBLISHED: 2018-12-11
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
CVE-2018-2494
PUBLISHED: 2018-12-11
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
CVE-2018-2497
PUBLISHED: 2018-12-11
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.
CVE-2018-2500
PUBLISHED: 2018-12-11
Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted.