In my last post regarding digital defenses for trucking data, I noted that people can be both the greatest asset as well as the greatest threat to information technology (IT) networks.
A new survey conducted by software firm Mimecast Limited entitled Business Email Threat Report: Email Security Uncovered offers more insight on the latter issue, noting that 65% of the 600 or so IT security decision makers it polled globally feel their e-mail security systems are “inadequately equipped” to handle cyber threats, making them extremely vulnerable to “malicious insiders.”
[E-mail hacks via outsiders are bad enough, as this trucking company’s story illustrates.]
Further, some 45% stressed they are ill-equipped to cope with the threat of malicious insiders, while 90% believe “malicious insiders” as a major threat to corporate security.
“Organizations of all sizes struggle with the risks that are posed by employees being targeted by adversaries to launch and execute attacks to gain access to data or funds” noted Peter Bauer, Mimecast’s CEO, in a statement.
“Every day, we trust employees with sensitive information and powerful tools, but we don’t give them the effective security education and advanced cloud security solutions that goes hand-in-hand with those responsibilities,” he explained. “Another issue we can work together to control are rogue employees, those ‘malicious insiders,’ who use file-sharing or cloud storage services to steal valuable corporate data. IT managers have, for too long, not paid due attention to this threat. We must re-evaluate unrestricted access to these services and ensure that other protections are put in place quickly.”
Bauer pointed out that by concentrating predominately on “perimeter defense” and “outside threats” leaves many organizations struggling to manage risk that comes from their own people, emphasizing the need for organizations to implement employee awareness and education as well as creating a cyber resilience strategy that includes both technology- and human-based defenses.
Here are a few other items from Mimecast’s research worth noting by motor carriers:
- Over half (53%) of IT security decision makers view malicious insiders as a moderate or high threat to their organization.
- One in seven IT security decision makers viewed malicious insiders as their number one threat.
- Those who say they’re very equipped on cybersecurity feel virtually just as vulnerable to insider threats as those who believe they aren’t equipped at all (16% vs. 17%), indicating that the risk of malicious insiders trumps perceptions of security confidence.
What to do about the “insider threat”? Here are few tips for Mimecast:
- Assign role-based permissions to administrators to better control access to key systems and limit the ability of a malicious insider to act.
- Implement internal safeguards and data "exfiltration" control to detect and mitigate the risk of malicious insiders when they do strike, to cut off their ability to send confidential data outside the network.
- Offer creative employee security training programs that deter potential malicious insiders in the first place and help others to spot the signs so they can report inappropriate activity to their managers. Then, back that up with effective processes to police and act swiftly in the event of an attack.
- Nurture a culture of communication within teams to help employees watch out for each other and step in when someone seems like they’ve become disenchanted or are at risk of turning against the company.
- Train your organization’s leadership to communicate with employees to ensure open communication and awareness.
One thing’s for certain: threats to trucking's IT networks – be they from external or internal sources – are not going away anytime soon. Thus best to start reinforcing the digital ramparts now.
