News & Resources

Business identity theft committed by insiders

Oct 15, 2013 Dave King

When companies and organizations conceptualize data breaches and business identity theft, they often imagine hackers halfway across the world or corporate spies - not their own employees.

However, in a recent study released by Forrester, internal threats are actually the leading cause of data breaches over the past year in countries such as Canada, France, Germany, the United Kingdom and the United States, CSO reported. Specifically, 36 percent of all incidents came from within the organization, and furthermore, they were the result of uninformed employees, i.e. ignorance. In comparison, 25 percent of insider threats were malicious.

The research concluded that companies are failing to properly train workers in the maintenance and protection of sensitive company and client data. Among American and European small- and medium-sized businesses, 42 percent train staff members on data security, while an additional 57 percent of employees said they had no idea about their institutions' current security policies.

Proper training will additionally help companies recognize when employees make mistakes and when they are attempting to do something more nefarious.

"Security teams need to look at this and ask, is this normal? Is this a normal pattern? Is this what the typical employee does as part of their work, or is this behavior out of the ordinary?" Heidi Shey, a Forrester analyst and author of the report, told CSO. "Spotting these kinds of patterns is one way to address that issue."

This issue has grown increasingly prominent as a result of the National Security Administration leaks caused by Edward Snowden. However, while the incident itself is unfortunate, it has pointed to a need on the part of companies' to secure their data storage systems from both outside and inside threats.