An article by Guy Bunker published recently in ComputerWorld UK warns that the insider threat has escalated, and the trend indicates that the greatest potential for damage may now come from those in executive positions.
The insider threat is particularly troublesome for organizations, as the the perpetrators have access to the most confidential of information, and breach detection usually only occurs after the damage is done.
"For every story that makes the news there are probably dozens that don’t, and many more organisations with no idea that such things might be occurring. In the latest case one of the executives admitted to selling the data for many years, an insidious and undetected leak of company secrets over a long period."
Bunker also points out the risks inherent with third-party access to sensitive data as companies move to Cloud-based managed services, which creates an entirely new layer of insider threat.
Though your company may have state-of-the-art access control, authentication, and data loss prevention protocols in place, the move to Cloud-based services requires a leap of faith that the vendor is also being as vigilant regarding who has access to your data, and the data of your clients.
"With the advent of the cloud and increasing collaboration there is now a need for the data to start ‘protecting’ itself from being accessed by the wrong individuals or systems. Do you know where your data is and who might be selling it?"