While it’s hard to estimate the cost of cybercrime, experts agree the number is massive, and on the rise.
“The global figure has been put at around $200 billion annually,” said Kurt Baumgarten, head of Information Security & Technology Management at Linedata in Boston, in an interview with Forbes. “Or, looking at it from the retail level, $670 million in associated costs through theft, time loss, identify theft, etc.”
For business leaders, the temptation is to look for threats of any kind as coming from external sources — people you don’t know trying to rip you off through unscrupulous and criminal methods. But by neglecting internal threats — whether accidental or intentional — you could be putting your business at a much higher risk for cybercrime.
In some cases, internal threats have climbed to never-before-seen levels. Business Insider recently reported on a bold move by hackers in Ireland: trying to bribe Apple employees in an attempt to gain access to the corporation’s data. The offer? More than $20,000 in exchange for valid login credentials.
That approach may be unconventional, but it’s not unthinkable that an employee could open the door to a security breach. In one notable internal hacking incident, a Morgan Stanley adviser allegedly gained personal data on thousands of the company’s clients, with some of that data ending up online.
“All too often when people think of cybersecurity, they are thinking of a hacker or a virus,” said Brian Edelman, chief executive of Financial Computer Services, a company that works primarily in cybersecurity, in an Investment News article. That misguided view continues to cripple businesses of all kinds, in every industry.
Protective measures businesses must take against insider cyber threats include:
- Conduct an analysis to determine data security vulnerabilities.
- Classify data that need different layers of protection.
- Develop a loss prevention plan.
- Develop security measures that restrict access to critical data.
- Use data loss prevention technologies that allow for real-time network activity monitoring, and system status monitoring for internal and external activity.
- Limit employees who have access to different types of data.
- Implement system-wide encryption.
As data threats evolve, we invite you to sign up for monthly updates and insights on how to best protect your business and the data under your care: Subscribe now.