
Confronting the 'unknown' battle within

While security budgets of Indian companies grew at a 25 per cent CAGR, 80 per cent could be going towards fending off external threats. Right or wrong?

Pratima Harigunani

Surendra Singh


INDIA: The year 2015 witnessed an unprecedented surge in information security incidents in India, from 2,895 in 2014 to 6,284 in 12 months – a rise of 117 per cent. Much like enterprises globally, Indian companies too are witnessing a big jump in security attacks.

The observations suggest that the security budgets of Indian companies have grown at a 25 per cent CAGR during the aforementioned period. A closer analysis reveals that organizations are presently investing 80 per cent of their security budgets in fending off external threats.

This tendency may require a complete overhaul, as cyber security is no longer just about external threats – it is as much about the threats from within – security threats that arise from negligent employees, employees with malicious intent, outsourced employees, and the network of value chain partners, to cite a few.


Insider-Threat Global Trends:

According to industry reports, 52 per cent of data stolen is attributed to insiders even though they accounted for just 11 per cent of total incidents. Negligence is the topmost cause of insider threats, with as much as 78 per cent of threats resulting from negligent employees. On average it takes 170 days to detect a cybercrime, but if an insider is involved the number of days increases to 259. On average, an insider breach cost approximately $3.8 million in 2015.

Globally, many countries have disclosure laws under which reporting security incidents to regulatory bodies and to the public is mandatory. Insider Threats, however, generally do not get reported due to apprehensions about reputation damage and losing customers' trust in a hyper-competitive business environment.


Major global incidents:

One of the prominent attacks affected retail chain major Target, which was hit by a breach affecting the credit card payment details of 40 million customers. The malware was injected in this case through a supply chain partner. Another incident involved an employee of JPMorgan Chase & Co. (JPMC) who was arrested by the FBI in the nick of time while trying to sell stolen data, reportedly for tens of thousands of dollars. Globally, the Insider Threat has reached such proportions that the FBI’s Internet Crime Complaint Centre (IC3) had to formally issue an advisory to companies to give due consideration to Insider Threats.


The Indian context:

The overall business ecosystem in India remains as indifferent to Insider Threats as its global counterparts. For instance, way back in 2005, Citibank was reported to have experienced a data breach valued at $350,000 that originated from one of its call centre associates based in Pune. Another incident involved UK’s TalkTalk data breach by staff of an Indian IT major. India is one of the prominent faces of the information-driven modern-day economy, and many multinationals are increasing outsourcing to India. Indian enterprises therefore need elaborate security mechanisms to protect against Insider Threats.

Overcoming Insider Threat:


As with any potential cyber vulnerability, Insider Threats can be largely addressed with the right method and some preparedness. The first step is to ensure that the issue is not viewed as just an IT issue. Today managements have begun to recognize the importance of cyber security, given the investments they are making in ICT infrastructure. However, Boards need to put in place an effective risk management process around insider threats and cyber security in general.

There are larger implications if organisations fail to act on the risk of insider threat: it may result in uncontrolled risk to the organisation’s intellectual property, business intelligence, customer data or employee information.

Creating an effective Insider Threat protection program would involve defining policies that spell out the correct way to use the organisation’s IT infrastructure, incorporating proper access control mechanisms, educating employees at regular intervals, monitoring unusual employee network behavior through technology and operational processes, and auditing to evaluate the successes and gaps in the insider-threat program. For example, one of the things an audit may reveal is insecurity due to privileged users, who are normally exempted from security controls and monitoring.

Cyber security is a reality that is here to stay, and insider threat is no different. If all stakeholders give insider threats their due importance, it will ensure seamless business continuity momentum.

(Surendra Singh is Country Director – India & Saarc, Forcepoint. Views expressed here are of the author and CyberMedia does not necessarily endorse them.)
