
Insider Threats: How Employees Put Company Data at Risk


Forget cybercriminals – your own employees could be putting your company's confidential data at risk, a new study finds.

Employees with access to sensitive data – such as health care records, private company information, intellectual property or personal records – frequently put their organization's confidential information at risk, according to research from security firm Raytheon Co.

The study discovered that many employees with the highest levels of network permissions in organizations are often granted access to data and areas of the network not necessary for their roles and responsibilities. In addition, 65 percent of the professionals surveyed for the study said it's curiosity, not job necessity, that's driving these same individuals to access sensitive or confidential data.

"Our goal is to also help organizations understand that good people can make mistakes and put sensitive data at risk," said Jack Harrington, vice president of cybersecurity and special missions for Raytheon Intelligence Information and Services. "Even a well-intentioned, seasoned, privileged user with wide access to a network poses great risks because they are high-value targets to corporate 'hacktivists' and persistent adversaries eager to penetrate a company's defenses."

Nearly 50 percent of those surveyed said it's likely that malicious insiders would use social engineering – when employees are psychologically manipulated into giving up confidential information – or other measures to obtain someone's access rights. That compares to just 21 percent who said the same in 2011.

Moreover, 69 percent of the professionals surveyed said their security tools don't provide enough contextual information to determine the intent behind reported incidents, and 59 percent said their tools yield too many false positives.


"The results of this survey should serve as a wake-up call to every executive with responsibility for protecting company or customer sensitive data," Harrington said. "While the problem is acutely understood, the solutions are not."

Overall, 59 percent of those surveyed said access controls pose the greatest threat to general business information, followed by customer information, at 49 percent.

The research shows that a lack of background checks and small security budgets are two of the biggest contributing factors to insider threats. Specifically, 57 percent said background checks are lacking in most organizations before issuance of privileged credentials. Additionally, while 88 percent of those surveyed recognize enhanced security as a top priority, fewer than half of those have a dedicated budget to invest in enabling technologies to reduce insider threats.

"The goal of this survey is to not only share current insider threat statistics but to educate organizations on their privileged users and the threats and attacks that can happen because of the access they own," Harrington said. "If a privileged user wants to do bad things, their elevated access to the company network makes it easier for them."

The study was based on surveys of 693 "privileged users," which are defined as network engineers, database administrators, information-security practitioners and cloud custodians.

Chad Brooks
