Insider Threat Statistics and Mitigation Techniques

Review the following Week 6 Lecture and Reading Materials:

• Watch the Notorious Hackers(Links to an external site.).
• Watch the 10 Biggest Computer Hacks Of All Time(Links to an external site.).
• Review the Additional Readings

We have compiled some excellent articles, white papers, and videos to support learning and exploration. Remember, these are only suggestions to help build upon what you learn. You should not feel restricted in reading what we recommend! If you'd like, prepare your own list in line with what you have learned this week.

White papers*:

• What Is an Insider Threat? Definition, Types, and Countermeasures(Links to an external site.)
• Insider Threat Detection and Management(Links to an external site.)
• Mitigating Insider Threats: Plan Your Actions in Advance(Links to an external site.)
• What Is DLP and How Does It Work?(Links to an external site.)

Videos*:

• Insider Threat and You(Links to an external site.)
• 10 Ways to Prevent Insider Threats(Links to an external site.)
• How To Mitigate Insider Threats(Links to an external site.)
• What is a Honeypot (Cybersecurity)? Honeypot Benefits and Risks

News: Insider Threat Statistics

Source: Techjury.net (Links to an external site.)

Nobody really knows the precise scope of the insider threat within organizations. Attacks perpetrated by employees are so difficult to identify that they often go undetected for weeks, months, or even years.

There has been an uptick in reports of insider breaches and thefts, as employees have become more savvy in the ways of accessing sensitive information or misusing their privileges. Mainstream technologies make it easier to perpetrate this type of inside job. Some useful statistics can point the way as you look to shore up your own organization:

1. More than one-quarter of respondents that have detected a cybersecurity incident cannot identify the source.According to the 2014 US State of Cybercrime Survey from PriceWaterhouse Coopers, a full 26 percent of the more than 500 U.S. business executives, law enforcement officials, and government managers surveyed said they could not determine where a cybersecurity breach originated. Attribution Remains Difficult, So Some Of These Attacks Could Come From Within.
   
   
2. Insiders are considered responsible for 28 percent of cybercrime breaches.Respondents to the PwC cybercrime survey agreed that while these incidents “typically fly under the media radar” or often go unreported, that employees, service providers and contractors are responsible for nearly three in 10 of all cyber breaches.
   
   
3. Insider crimes are more damaging and costly according to 32 percent of executives.Nearly one-third of executives surveyed by PwC said that they found insider online crimes perpetrated by their employees or other trusted insiders cost them more in both financial losses and reputational risk. This could be in part because insiders are more likely than outsiders to know where the best information is kept, or in part because insiders are typically able to cover their tracks and continue operating undetected for longer periods of time.
   
   
4. And yet, less than half of organizations have a Plan To Deal With This.Only 49 percent of executives responding to the PwC survey say they have a plan in place to respond to insider threats.  Never mind predicting or preventing them. This, despite the fact that, according to PwC, “many insider incidents result from employee vulnerabilities such as social engineering and loss of devices—risks that could be very well mitigated by employee training.”
   
   
5. S. organizations lose more money to cybercrime than foreign counterparts. A separate PwC report, the 2014 Global Economic Crime Survey, found that 7 percent of U.S. organizations lost $1 million or more due to cybercrime incidents in 2013, as compared with just 3 percent of global organizations. Also, 19 percent of U.S. enterprises reported losing $50,000 to $1 million that year, as compared with 8 percent of their counterparts outside the U.S. Given The Higher Cost Of An Inside Breach, Predicting And Preventing Insider Breaches Could Have A Pronounced Effect On Stemming U.S. Organizations’ Losses.
   
   
6. More than half of insider incidents involve abuse of privileges.According to the Verizon 2015 Data Breach Investigations Report (Verizon DBIR), 55 percent of insider breaches come as a result of someone taking or being granted privileges way above their pay grade. In other words, organizations that grant broad privileges could Mitigate At Least Some Of Their Insider Exposure if they were more diligent in limiting and removing privileges quickly.
   
   
7. One out of five incidents is STILL due to phishing.Perhaps unbelievably, given the amount of training and media exposure given to fake baiting emails, phishing schemes still account for 20 percent of incidents where hackers are able to gain insider access through an unintentional accomplice, according to the Verizon DBIR. Maybe, however, it is not so surprising. According to Verizon, “a campaign of 10 emails yields a greater than 90% chance that at least one person will become the criminal’s prey.”

By being mindful of these trends, organizations have a better chance of sidestepping the same pitfalls in their own Insider Threat program, and can be better prepared for incidents when they occur.

Give your thoughts on the statement "a campaign of 10 emails yields a greater than 90% chance that at least one person will become the criminal’s prey".

Edward snowden:

1. In regarding to security controls, what were the lessons learned with Edward Snowden?
2. How to prevent another case like that to happen again?

1. Answer the question in minimum 1 page or maximum 2 pages.
2. Add an introduction. Interpret the question and share a short explanation of the relevant background or context.
3. Be succinct.
4. Close the written assignment with a conclusion.
5. Share a list of references. Footnotes and references should be consistent with the APA7th ED style
6. Submit a DOC file.

Discussion Thread:

The insider threat is one that companies and organizations are starting to take very seriously. What are some ways to mitigate against the insider threat?

1. Answer the question in no more than 200 words.
2. Your answer should have a clear introduction, body, and conclusion.
3. Be succinct.
4. Add references consistent with the APA7th ED style.
5. Submit a DOC file.