The malicious insider remains a serious threat, but will become more visible.
“Et tu, Brute?” Whether it was Shakespeare’s Caesar or America’s Benedict Arnold, we have long known the pain of betrayal by those we trust. Information technology simply made the betrayer’s job easier. In 2014, a significant number – if not almost half – of data breaches will come at the hands of people on the inside. However, as the federal government and individual states add muscle to privacy breach notification laws and enforcement regimes, the hidden nature of insider attacks will become more widely known.
“There’s a tremendous amount of data compromised today where the act is never discovered or disclosed. People discount the insider threat because it doesn’t make the news. Instead, we see headlines about external credit card breaches and theft of personally identifiable information, because regulations mandate accountability and punishment is expensive. The insider threat is insidious and complex. Thwarting it requires collaboration by general counsel, information security, and human resources. SEC breach disclosure of 'material losses' may be the model for rules requiring a company to be more transparent and answerable for allowing bad actors to go unpunished,” said Ryan.
Kroll, a global leader in risk mitigation and response solutions, recently released its third annual Cyber Security Forecast, a prediction of the most significant cyber issues organizations will confront in 2014. The latest forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks.