Blog

 
     

Insider Threat for Data a Growing Concern

By Michael Klazema on 12/24/2019

Businesses and organizations possess more data about their customers than ever before. Between online account information, payment card details, and insights about activity and preferences, there is a worry among consumers about what “privacy” means in an increasingly connected online world. Over the past decade, the data breach has become one of the top concerns for small businesses and major corporations alike, and for good reason: hackers have been able to steal vast amounts of data from entities as diverse as Target, Yahoo, Marriott, and the United States Office of Personnel Management.

Not all these threats are coming from outside the walls. In multiple recent scenarios, insider threats have represented a significant risk to organizations and their data. In this landscape, employers need to be more vigilant about not just who they hire but also who they continue to employ. Thorough background checks at the time of hire are no longer enough. Robust security controls, employee oversight, and ongoing background checks are now essentials as well.

Each year, Verizon commissions a Data Breach Investigations Report that reviews and collects insights from that year’s cybersecurity incidents. In 2019, the report found that more than one-third of all 2019 data breaches (34 percent) occurred because of “insider threat actors.”

There have been examples of insider breaches at numerous major companies in recent years. In 2019, a federal indictment in the United States alleged that three former Twitter employees had breached the company’s databases to spy for Saudi Arabia’s royal family. The indictment, which names two Saudi citizens and one American citizen, says that the individuals accessed personal information from dissident Saudi Twitter accounts as a means of determining the identities of the account owners. Some analysts have argued that the case underlines how tech companies with huge databases of user information are now targets for intelligence agencies in the same way that government entities have always been.

Also in 2019, Antivirus software company Trend Micro announced that a rogue employee had sold data for 68,000 customers to a malicious third party. Even more damaging, a former Amazon Web Services (AWS) employee utilized her experience with the platform to steal customer data from a Capital One AWS storage space. The breach affected 106 million customers.

How can companies fight back against these threats? In the cybersecurity industry, the recommendation is to implement a policy called “zero trust.” Organizations repeatedly verify that users or devices that are accessing the networking or requesting information have the right to be there. Zero trust encourages a higher level of oversight in the devices that employees are using, the software and apps installed on those devices, and the context surrounding data requests.

Another critical protocol is to implement ongoing background checks. While ongoing background checks won’t identify all insider threats—many of the individuals behind these acts may not have been convicted of any crimes in the past—they can provide a way to monitor potential red-flag behavior. At backgroundchecks.com, we offer an ongoing criminal monitoring service to re-screen your employees a monthly.


Tag Cloud
Categories
Recent Posts

Latest News

  • January 16 Changing attitudes about marijuana are reshaping national approaches to criminal record expungement, leading to broader access to these options.
  • January 14 A national criminal background check typically involves a search of a multi-jurisdictional database. Background check companies often compile and internally maintain these databases, such as our US OneSEARCH database. 
  • January 14 Background checks for bus drivers pose a dilemma for schools and organizations struggling to find drivers to fill jobs in a low-unemployment economy.
  • January 10 When conducting a criminal background check for employment purposes, you must understand the regulations that apply. At backgroundchecks.com, we can help with trusted employer background check products and educational resources.
  • December 27 Ban the box rules are well-known as they apply to business applications, but few people know that criminal history can be a barrier to higher education. What happens when schools go beyond the box?
  • December 24 Over the past decade, data breach has become one of the top concerns for small businesses and major corporations alike, and for good reason.
  • December 20 In a pre-employment screening process, which check do employers run first: the criminal background check or the drug test? We look at the standard order of vetting processes in the pre-employment journey. 
  • December 19 With an entire industry built around online dating platforms, many people use them as an easy way to connect. No app thoroughly verifies its users, raising persistent concerns about safety. 
  • December 17 Is ridesharing getting safer? Uber recently released a sprawling safety report tracking sexual assaults and other crimes that occurred during rides in 2018 and 2017. Lyft is facing a lawsuit for allegedly failing to protect women from dangerous drivers. 
  • December 12 It's the most wonderful time of the year, but you still need to be vigilant about safety within your business. Keep these tips in mind for a successful season.