Internal Security Threats: A Problem that Continues to Get Worse

Most organizations are heavily focused on protecting their organizations from inbound attacks coming directly from cybercriminals – often arriving via email -but not enough emphasis is being put on protecting against threats that originate from the inside. Figuratively, while you are defending the front door of your organization, you can get stabbed in the back.

Our recently released “The State of Email Security for 2019” report delved into the greatest email security challenges facing organizations today, including the internal threat issue. What we found via a global survey of IT and security leaders is startling:

• 41% of organizations have seen increases in internally sourced threats/data leaks, year-over-year
• 71% of organizations reported having seen attacks where malicious activity was spread from one infected user to another. This was up from the previous years’ report.
• 86% of respondents reported that their organization had experienced threats/data leaks caused by careless employees.

What Does This Mean?

No one ever said securing an organization would be easy! With entry attacks focusing on credential theft and other forms of social engineering, and phishing proving so popular and successful, what do you think cybercriminals generally do after getting an initial foothold? After they land, they attempt to spread their attacks, using internally generated email-borne threats. Too many click on a link or open an attachment in an email from what appears to be a colleague or manager at the organization, and the negative aftermath soon follows.

And to make matters worse, 95% of security breaches are directly contributed to by human error. That’s right, your company has employees who, at times aren’t particularly cautious with your organization’s sensitive information or applications. In addition, malicious employees are another class of threat actor that must be considered, however rare they might be.

What Can You Do About It?

While there are no quick fixes or silver bullets, defending against internally generated threats can and should be part of your security program. In the areas of the email, the web, and user awareness and caution, Mimecast can help with our cloud-based security services and training programs. If you want to hear how some Mimecast customers have improved their protections against internally generated threats, I encourage to take-in this customer roundtable webinar.