According to Gartner, 90% of insider incidents are due to human error—employees without malicious intent with potentially damaging actions. If humans are the weakest link of an organization’s security, how can you be confident you’re not a part of the statistics? You need to protect both your company’s and personal accounts and devices to avoid any leaks. 6 steps to increase your security Increasing your security is easier than you think.
Data is the most important asset of any company, and the uphill battle of protecting it can seem never ending. Traditional data loss prevention (DLP) solutions focus on the data: classifying it, authorizing access, and monitoring usage in accordance with policies. However, data loss is only the symptom. The root of the problem lies with the unpredictable nature of humans, either with malicious or, more commonly, negligent behavior. Attempting to classify thousands – or millions – of changing data records while simultaneously monitoring human users is a tough feat.
What we know about the recent Tesla breach Tesla alleges that an employee made changes to its Manufacturing Operating System (MOS), wrote malicious code intended to periodically export confidential company data, and installed it on the computers of three unsuspecting colleagues. This code successfully exported a large amount of data - including video and photos of manufacturing operations and proprietary code - to unknown third parties. The aftermath of breaches can last months or years There is an ongoing investigation to assess the full extent of damage and the cleanup costs are still unknown.
Does your company require employees to sign non-compete or non-disclosure agreements? If not, have you considered making your employees sign one? Are you located in a state in which non-compete agreements are unlawful or hard to enforce? Have you ever been asked to sign a non-compete or non-disclosure agreement and felt reluctant to do so because you didn’t want to limit your future job prospects? Chances are you answered “yes” to one or more of the questions above because companies have a legitimate, keen interest in protecting the information that gives them a competitive edge.
Most companies recruit employees who they believe can help increase their competitive edge and innovation in their respective industries. But as these employees start adding value in their specific fields, it is imperative that they understand how to protect corporate data. Failing to protect intellectual property (IP) doesn’t just jeopardize the company—the employee’s job security, equity, career direction, and reputation are also at risk. Protecting intellectual property is equally important to the employee as the company they work for.
We have been busy working on solving the insider threat problem in a new way and we can’t wait to show you our answer next week at the RSA Conference. The insider threat represents 50%-70% of security breaches (depending on who you’re listening to). Despite its size and significance, the problem remains intractable for two main reasons. Firstly, the human element plays a key part in it, and humans are notoriously hard to read and predict.