Statistically 28 to 29% of the cyber breaches are orchestrated by insiders while 70% of the cyber breaches happen due to human factors – intentional or unintentional. Sounds confusing. But two different aspects. Insider threats are a cybercrime. Intentional. Cyber breaches from human factors on the other hand are vehicles to a cybercrime. Intentional cyber breaches are however cyber crimes and the rest just prices to pay from ignorance. The recent havoc of Ransomware globally is just one classic example of mass ignorance and lack of IT hygiene practices.
The virtual world carries our legacy of good and vice both from the real world. Betrayal, sabotage and compromises are common in the form of insider threats in an organization or establishment either from the private or public sector. Data leak is as big a curse as any external targeted attack.
The events of Ramayana could have been different for Ram had not Bibhishon been the insider threat for his brother Ravan. Our father of the nation would not have met such a brutal end if not compromised within his own circle. Insider threats have been serious vulnerabilities historically. Case studies on insider threats in the digital space are abundant. A basic Google search is enough.
Most of the cybersecurity efforts from vendors and customers alike are focused on external threat management. Reasonably so as the segment is huge. But that does not in any way mean that we lose sight of the threats from inside. Unfortunately, a precarious balance to contain, but a must.
Insider threats involve employees, suppliers and third-party contractors having access to the system within an establishment. And it is dangerous. Their activity on the system needs monitoring. Data can be stolen, data can be leaked, or data can be compromised and even destroyed. The life line of a system can be disrupted. Millions are lost from insider threat incidences globally and while some are fortunate to recover at expenses many never can. Small and medium sized businesses may hardly ever recover. State sensitive data could be compromised. The volume of impact of insider threat incidences are limitless.
While Bangladesh moves ahead in the vision of “Digital Bangladesh”, cybersecurity becomes a major concern. While developing IT cultures, practicing IT hygiene, taking backups, and fighting external cyber threats continues, we should never lose focus on insider threat management.
We keep our home safe first. We need to keep our cyber space safe from inside first too.