February 13, 2017
If you equate internal threats with just malicious insiders you need to read on. When thinking of the people behind internal threats you need to be concerned about three profiles, not just one:
- Compromised Insiders: These employees have had their accounts or systems taken over by an external attacker through credential harvesting, phishing or the installation of various forms of malware. While many of these takeovers are initiated via email, web drive-bys, botnets, and other modes of entry can also be the source of the compromise.
- Careless Insiders: There are also employees at every organization who ignore or simply don’t fully understand the organization’s security policies and rules. We call these folks, Careless Insiders. While ignoring security policies is not done with malicious intent, the actions – such as sending sensitive information insecurely or to the wrong people – can put the organization at greater risk of sensitive data leakage or attack.
- Malicious Insiders: And last but not least, are the Malicious Insiders. Though not common, malicious insiders do exist, and when they strike can cause significant damage. These rogue employees either intend to profit personally from or do damage to the organization by stealing, leaking or compromising confidential data or systems.
So, which one is the real problem? Unfortunately, the answer is all of them! In a recently published survey and report from Forrester, respondents were asked whether their organizations had had security incidents from each of the three types of insiders over the last 24 months. The answering was sobering: 63%, 57%, and 41% respectively had incidents from each type, respectively – Compromised, Careless, and Malicious. Clearly, internal threats are really threatening and not as rare as one might hope.
To more fully address the security threats represented by the each of these internal threat profiles, Mimecast recently announced the latest addition to our Mimecast Target Threat Protection security service: Internal Email Protect. Internal Email Protect provides for the scanning of attachments and URLs for internal-to-internal emails as well as content filtering enforced by Data Leak Prevention services. It also includes the ability to automatically delete infected emails and attachments from employees’ inboxes. In addition, so that your organization doesn’t become an attack stepping stone to one of your partners or customers, Internal Email Protect also adds the scanning of attachments and URLs for your outbound emails. Even more exciting, Mimecast is the only cloud-based email security service that has this capability!
Unfortunately, internal threats are a fact of business life. But by adding Internal Email Protect to your implementation of Mimecast Targeted Threat Protection, this service can reduce the risk that your organization will be negatively impacted by them.
View our Internal Email Protect Press Release here.