Entrepreneurship is at the heart of the American Dream – yet it seems to be harder and harder to stay ahead of the game and make sure that your company is protected on all fronts. Cyber threats appear to be on the rise and targeting all sorts and sizes of companies, including private firms that are the backbone of the US economy, such as financial services firms providing crucial consulting to other industries. With new malware attacks like WannaCry and Petya being uncovered every day, how can you make sure that your company is protected from the most dangerous type of cyber criminals – those already working for your company?
Cyber Crime Costs Rise for Companies Worldwide
Companies rush to spend a lot of money to protect themselves from cyber attacks. According to the 2017 Cost of Cyber Crime Study conducted by Ponemon Institute on over 250 companies across seven countries, including the US, organisations invested roughly 23% more in battling hackers in the previous year, with the average cost rising to $11.7 million. A malware attack costs on average $2.4 million to resolve, and the most obscure type of threat, malicious insider attacks, takes on average 50 days to deal with. Furthermore, an average of 130 security incidents are reported each year.
Most Cyber Attacks an Inside Job
Financial services firms in particular deal with a lot of sensitive and financially crucial data, so it is not hard to imagine why they would be a particularly appealing target for cyber attacks. Amazingly, most security breaches come from where you would least expect them: within your company. It was reported in a survey a couple of years ago that 60% of cyber attacks were perpetrated by insiders: a little over 15% were inadvertent actors and over 44% were malicious and intentional. Insider threats are those posed by an organization’s human element, such as current or past employees, business partners, third-party service providers, contractors, or board members, who take advantage of legitimate access privileges to compromise the confidentiality and integrity of the organization’s data. Malicious insider threats refer to people who deliberately endanger the organization’s data in the hope of acquiring personal gain, conducting espionage, or generally expressing malicious intent. They might deploy malware in the organization’s or customers’ systems or even steal sensitive data.
How to Prevent and Deal with Insider Threats
As financial services turn more and more to the latest technology solutions and cutting-edge applications to conduct business and manage confidential data, they need to understand the risks and take appropriate measures. The first step would be to identify the critical software and hardware points that could be vulnerable to insider attacks, as well as pinpoint and assess these vulnerabilities. A risk assessment of potential security breaches will help to draw up a financially sound policy to address risks, while the current vetting process of employees and contractors should be evaluated and recalibrated to fit the dangers posed by each category of insiders. Last but not least, an official incident response process should be put in place, so that everyone is up to speed on how to react to contain and minimize losses.
Of course, these policies are not a one-off procedure. Instead, a security-focused shift in the overall approach to cyber threats should be encouraged at every level, from low-rank employees to executives, to make sure that insider threats are properly dealt with.