Contrary to prevalent eye-catching headlines on foreign cyberterrorism being one of today’s biggest security concerns, the reality is that companies are most vulnerable from the inside. IBM found, in their 2016 Cyber Security Intelligence Index, that 60 percent of all attacks were carried out by insiders, with three-quarters of the attacks involving malicious volition and one-quarter involving inadvertent circumstances.
While industries may vary in the value and volume of their assets, and the technological security system used to defend such assets, the common factor between all sectors is people: the trusted employers with access to company intelligence. With people involved, human error caused by unwitting insiders will always be a major factor in breaches; a prime example is an IT admin whose full access to company infrastructure can catalyze a small mistake into a costly fiasco. On the other hand, there are trusted employers with malicious intent, who will steal intelligence to sell to competitors or to settle a personal vendetta against the company. Lastly, the more espionage factor is the ability of expert cybercriminals to hijack employee identity and system through malware or phishing attacks.
Even with the advancement of artificial intelligence, managers need to be more vigilant and focus their security efforts to obtain greatest returns on protection. A simple but tactical solution would be to place the strongest defenses and most frequent monitoring on the business’ most valuable data and assets. Such basic security tactics must not be taken for granted. The human factor can also be used as an advantage. Since people are creatures of habit, applying deep analytics and AI can determine each employee’s respective patterns and flag the security system when deviations in behavior arise. In particular, a greater vigilance should be placed on key insiders with access to critical assets, such as IT admins, executives and at-risk employees.